supply-chain-guard 4.0.0 → 4.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +49 -1
- package/dist/cli.js.map +1 -1
- package/dist/github-trust-scanner.d.ts +24 -0
- package/dist/github-trust-scanner.d.ts.map +1 -0
- package/dist/github-trust-scanner.js +314 -0
- package/dist/github-trust-scanner.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/dist/ioc-blocklist.d.ts +29 -0
- package/dist/ioc-blocklist.d.ts.map +1 -0
- package/dist/ioc-blocklist.js +193 -0
- package/dist/ioc-blocklist.js.map +1 -0
- package/dist/patterns.d.ts +2 -0
- package/dist/patterns.d.ts.map +1 -1
- package/dist/patterns.js +135 -1
- package/dist/patterns.js.map +1 -1
- package/dist/reporter.js +3 -3
- package/dist/scanner.d.ts.map +1 -1
- package/dist/scanner.js +163 -1
- package/dist/scanner.js.map +1 -1
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -13,13 +13,14 @@ const npm_scanner_js_1 = require("./npm-scanner.js");
|
|
|
13
13
|
const pypi_scanner_js_1 = require("./pypi-scanner.js");
|
|
14
14
|
const vscode_scanner_js_1 = require("./vscode-scanner.js");
|
|
15
15
|
const dependency_confusion_js_1 = require("./dependency-confusion.js");
|
|
16
|
+
const github_trust_scanner_js_1 = require("./github-trust-scanner.js");
|
|
16
17
|
const solana_monitor_js_1 = require("./solana-monitor.js");
|
|
17
18
|
const reporter_js_1 = require("./reporter.js");
|
|
18
19
|
const program = new commander_1.Command();
|
|
19
20
|
program
|
|
20
21
|
.name("supply-chain-guard")
|
|
21
22
|
.description("Open-source supply-chain security scanner. Detects GlassWorm and similar malware campaigns in npm packages, PyPI packages, code repos, VS Code extensions, and project dependencies.")
|
|
22
|
-
.version("4.
|
|
23
|
+
.version("4.1.0");
|
|
23
24
|
// ── scan command ────────────────────────────────────────────────────
|
|
24
25
|
program
|
|
25
26
|
.command("scan")
|
|
@@ -181,6 +182,53 @@ program
|
|
|
181
182
|
process.exit(1);
|
|
182
183
|
}
|
|
183
184
|
});
|
|
185
|
+
// ── repo command ──────────────────────────────────────────────────
|
|
186
|
+
program
|
|
187
|
+
.command("repo")
|
|
188
|
+
.description("Analyze a GitHub repository for trust signals and malware indicators")
|
|
189
|
+
.argument("<url>", "GitHub repository URL (e.g., https://github.com/owner/repo)")
|
|
190
|
+
.option("-f, --format <format>", "Output format: text, json, markdown, sarif, sbom, html", "text")
|
|
191
|
+
.action(async (url, opts) => {
|
|
192
|
+
try {
|
|
193
|
+
const parsed = (0, github_trust_scanner_js_1.parseGitHubUrl)(url);
|
|
194
|
+
if (!parsed) {
|
|
195
|
+
throw new Error("Invalid GitHub URL. Expected: https://github.com/owner/repo");
|
|
196
|
+
}
|
|
197
|
+
// Run trust analysis
|
|
198
|
+
const trustFindings = (0, github_trust_scanner_js_1.analyzeGitHubTrust)(parsed.owner, parsed.repo);
|
|
199
|
+
// Also run a full scan (clone + content analysis)
|
|
200
|
+
const options = {
|
|
201
|
+
target: url,
|
|
202
|
+
format: opts.format,
|
|
203
|
+
};
|
|
204
|
+
const report = await (0, scanner_js_1.scan)(options);
|
|
205
|
+
// Merge trust findings (deduplicate)
|
|
206
|
+
const existingRules = new Set(report.findings.map((f) => f.rule));
|
|
207
|
+
for (const tf of trustFindings) {
|
|
208
|
+
if (!existingRules.has(tf.rule)) {
|
|
209
|
+
report.findings.push(tf);
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
// Recalculate summary
|
|
213
|
+
report.summary.critical = report.findings.filter((f) => f.severity === "critical").length;
|
|
214
|
+
report.summary.high = report.findings.filter((f) => f.severity === "high").length;
|
|
215
|
+
report.summary.medium = report.findings.filter((f) => f.severity === "medium").length;
|
|
216
|
+
report.summary.low = report.findings.filter((f) => f.severity === "low").length;
|
|
217
|
+
report.summary.info = report.findings.filter((f) => f.severity === "info").length;
|
|
218
|
+
console.log((0, reporter_js_1.formatReport)(report, opts.format));
|
|
219
|
+
if (report.summary.critical > 0) {
|
|
220
|
+
process.exit(2);
|
|
221
|
+
}
|
|
222
|
+
if (report.summary.high > 0) {
|
|
223
|
+
process.exit(1);
|
|
224
|
+
}
|
|
225
|
+
}
|
|
226
|
+
catch (err) {
|
|
227
|
+
const message = err instanceof Error ? err.message : String(err);
|
|
228
|
+
console.error(`\n Error: ${message}\n`);
|
|
229
|
+
process.exit(1);
|
|
230
|
+
}
|
|
231
|
+
});
|
|
184
232
|
// ── monitor command ─────────────────────────────────────────────────
|
|
185
233
|
program
|
|
186
234
|
.command("monitor")
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,2DAQ6B;AAC7B,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,wDAAwD,EAAE,MAAM,CAAC;KACjG,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,sBAAsB,EACtB,6FAA6F,CAC9F;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAMC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAkE;YAC/E,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,kBAAkB;QAClB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,aAAa,GAA2B;gBAC5C,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;aACjD,CAAC;YACF,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS,CACrD,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,+EAA+E;AAE/E,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,gDAAgD,CAAC,CAAC;AAEjE,SAAS;KACN,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC;KAC9C,cAAc,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KAC3E,MAAM,CAAC,CAAC,OAAe,EAAE,IAAsB,EAAE,EAAE;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,kCAAc,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,OAAO,GAAG,IAAA,iCAAa,GAAE,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACxD,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,EAAE,IAAI,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CACL,KAAK,EAAE,IAA2D,EAAE,EAAE;IACpE,IAAI,CAAC;QACH,MAAM,IAAA,oCAAgB,EACpB;YACE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO;SACzB,EACD,CAAC,KAAK,EAAE,EAAE;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,uEAAgG;AAChG,2DAQ6B;AAC7B,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,wDAAwD,EAAE,MAAM,CAAC;KACjG,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,sBAAsB,EACtB,6FAA6F,CAC9F;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAMC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAkE;YAC/E,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,kBAAkB;QAClB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,aAAa,GAA2B;gBAC5C,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;aACjD,CAAC;YACF,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS,CACrD,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,qEAAqE;AAErE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,sEAAsE,CAAC;KACnF,QAAQ,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAChF,MAAM,CAAC,uBAAuB,EAAE,wDAAwD,EAAE,MAAM,CAAC;KACjG,MAAM,CACL,KAAK,EACH,GAAW,EACX,IAAwB,EACxB,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wCAAc,EAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;QAED,qBAAqB;QACrB,MAAM,aAAa,GAAG,IAAA,4CAAkB,EAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAEpE,kDAAkD;QAClD,MAAM,OAAO,GAAgB;YAC3B,MAAM,EAAE,GAAG;YACX,MAAM,EAAE,IAAI,CAAC,MAA+B;SAC7C,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QAEnC,qCAAqC;QACrC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAClE,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;YAC/B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC1F,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QAClF,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QACtF,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;QAChF,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QAElF,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAA+B,CAAC,CAAC,CAAC;QAExE,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,+EAA+E;AAE/E,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,gDAAgD,CAAC,CAAC;AAEjE,SAAS;KACN,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC;KAC9C,cAAc,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KAC3E,MAAM,CAAC,CAAC,OAAe,EAAE,IAAsB,EAAE,EAAE;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,kCAAc,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,OAAO,GAAG,IAAA,iCAAa,GAAE,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACxD,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,EAAE,IAAI,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CACL,KAAK,EAAE,IAA2D,EAAE,EAAE;IACpE,IAAI,CAAC;QACH,MAAM,IAAA,oCAAgB,EACpB;YACE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO;SACzB,EACD,CAAC,KAAK,EAAE,EAAE;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GitHub repository trust signal scanner.
|
|
3
|
+
*
|
|
4
|
+
* Analyzes GitHub repo metadata for indicators of fake/malicious repos:
|
|
5
|
+
* star-farming, new accounts, suspicious releases, lure READMEs, etc.
|
|
6
|
+
* Uses `gh` CLI for API access (no token configuration needed).
|
|
7
|
+
*/
|
|
8
|
+
import type { Finding } from "./types.js";
|
|
9
|
+
/**
|
|
10
|
+
* Parse a GitHub URL into owner/repo.
|
|
11
|
+
*/
|
|
12
|
+
export declare function parseGitHubUrl(url: string): {
|
|
13
|
+
owner: string;
|
|
14
|
+
repo: string;
|
|
15
|
+
} | null;
|
|
16
|
+
/**
|
|
17
|
+
* Analyze a GitHub repo for trust signals.
|
|
18
|
+
*/
|
|
19
|
+
export declare function analyzeGitHubTrust(owner: string, repo: string): Finding[];
|
|
20
|
+
/**
|
|
21
|
+
* Scan README content for lure patterns.
|
|
22
|
+
*/
|
|
23
|
+
export declare function scanReadmeLures(readmeContent: string, relativePath: string): Finding[];
|
|
24
|
+
//# sourceMappingURL=github-trust-scanner.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"github-trust-scanner.d.ts","sourceRoot":"","sources":["../src/github-trust-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAyH1C;;GAEG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,MAAM,GACV;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAMxC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,GACX,OAAO,EAAE,CAiKX;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GACnB,OAAO,EAAE,CA6BX"}
|
|
@@ -0,0 +1,314 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* GitHub repository trust signal scanner.
|
|
4
|
+
*
|
|
5
|
+
* Analyzes GitHub repo metadata for indicators of fake/malicious repos:
|
|
6
|
+
* star-farming, new accounts, suspicious releases, lure READMEs, etc.
|
|
7
|
+
* Uses `gh` CLI for API access (no token configuration needed).
|
|
8
|
+
*/
|
|
9
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
12
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
13
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
14
|
+
}
|
|
15
|
+
Object.defineProperty(o, k2, desc);
|
|
16
|
+
}) : (function(o, m, k, k2) {
|
|
17
|
+
if (k2 === undefined) k2 = k;
|
|
18
|
+
o[k2] = m[k];
|
|
19
|
+
}));
|
|
20
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
21
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
22
|
+
}) : function(o, v) {
|
|
23
|
+
o["default"] = v;
|
|
24
|
+
});
|
|
25
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
26
|
+
var ownKeys = function(o) {
|
|
27
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
28
|
+
var ar = [];
|
|
29
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
30
|
+
return ar;
|
|
31
|
+
};
|
|
32
|
+
return ownKeys(o);
|
|
33
|
+
};
|
|
34
|
+
return function (mod) {
|
|
35
|
+
if (mod && mod.__esModule) return mod;
|
|
36
|
+
var result = {};
|
|
37
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
38
|
+
__setModuleDefault(result, mod);
|
|
39
|
+
return result;
|
|
40
|
+
};
|
|
41
|
+
})();
|
|
42
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
43
|
+
exports.parseGitHubUrl = parseGitHubUrl;
|
|
44
|
+
exports.analyzeGitHubTrust = analyzeGitHubTrust;
|
|
45
|
+
exports.scanReadmeLures = scanReadmeLures;
|
|
46
|
+
const node_child_process_1 = require("node:child_process");
|
|
47
|
+
const path = __importStar(require("node:path"));
|
|
48
|
+
const patterns_js_1 = require("./patterns.js");
|
|
49
|
+
const ioc_blocklist_js_1 = require("./ioc-blocklist.js");
|
|
50
|
+
/**
|
|
51
|
+
* Check if `gh` CLI is available.
|
|
52
|
+
*/
|
|
53
|
+
function hasGhCli() {
|
|
54
|
+
try {
|
|
55
|
+
(0, node_child_process_1.execSync)("gh --version", { stdio: "pipe" });
|
|
56
|
+
return true;
|
|
57
|
+
}
|
|
58
|
+
catch {
|
|
59
|
+
return false;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Fetch repo metadata via `gh api`.
|
|
64
|
+
*/
|
|
65
|
+
function fetchRepoMetadata(owner, repo) {
|
|
66
|
+
try {
|
|
67
|
+
const json = (0, node_child_process_1.execSync)(`gh api repos/${owner}/${repo} --jq '{stars: .stargazers_count, forks: .forks_count, openIssues: .open_issues_count, hasIssues: .has_issues, createdAt: .created_at, pushedAt: .pushed_at, isOrg: (.owner.type == "Organization"), ownerLogin: .owner.login, defaultBranch: .default_branch}'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
|
|
68
|
+
const data = JSON.parse(json);
|
|
69
|
+
// Fetch owner account age
|
|
70
|
+
let ownerCreatedAt;
|
|
71
|
+
try {
|
|
72
|
+
const ownerJson = (0, node_child_process_1.execSync)(`gh api users/${owner} --jq '.created_at'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
|
|
73
|
+
ownerCreatedAt = ownerJson.trim();
|
|
74
|
+
}
|
|
75
|
+
catch { /* skip */ }
|
|
76
|
+
// Fetch commit count
|
|
77
|
+
let commitCount;
|
|
78
|
+
try {
|
|
79
|
+
const commitJson = (0, node_child_process_1.execSync)(`gh api repos/${owner}/${repo}/commits?per_page=1 --jq 'length'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
|
|
80
|
+
commitCount = parseInt(commitJson.trim(), 10);
|
|
81
|
+
}
|
|
82
|
+
catch { /* skip */ }
|
|
83
|
+
// Fetch contributor count
|
|
84
|
+
let contributorCount;
|
|
85
|
+
try {
|
|
86
|
+
const contribJson = (0, node_child_process_1.execSync)(`gh api repos/${owner}/${repo}/contributors?per_page=5 --jq 'length'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
|
|
87
|
+
contributorCount = parseInt(contribJson.trim(), 10);
|
|
88
|
+
}
|
|
89
|
+
catch { /* skip */ }
|
|
90
|
+
return {
|
|
91
|
+
owner,
|
|
92
|
+
name: repo,
|
|
93
|
+
stars: data.stars ?? 0,
|
|
94
|
+
forks: data.forks ?? 0,
|
|
95
|
+
openIssues: data.openIssues ?? 0,
|
|
96
|
+
hasIssues: data.hasIssues ?? true,
|
|
97
|
+
createdAt: data.createdAt ?? "",
|
|
98
|
+
pushedAt: data.pushedAt ?? "",
|
|
99
|
+
isOrg: data.isOrg ?? false,
|
|
100
|
+
ownerCreatedAt,
|
|
101
|
+
defaultBranch: data.defaultBranch ?? "main",
|
|
102
|
+
commitCount,
|
|
103
|
+
contributorCount,
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
catch {
|
|
107
|
+
return null;
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
/**
|
|
111
|
+
* Fetch release info via `gh api`.
|
|
112
|
+
*/
|
|
113
|
+
function fetchReleases(owner, repo) {
|
|
114
|
+
try {
|
|
115
|
+
const json = (0, node_child_process_1.execSync)(`gh api repos/${owner}/${repo}/releases?per_page=5 --jq '[.[] | {tagName: .tag_name, name: .name, createdAt: .created_at, assets: [.assets[] | {name: .name, size: .size, downloadCount: .download_count}]}]'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
|
|
116
|
+
return JSON.parse(json);
|
|
117
|
+
}
|
|
118
|
+
catch {
|
|
119
|
+
return [];
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
/**
|
|
123
|
+
* Parse a GitHub URL into owner/repo.
|
|
124
|
+
*/
|
|
125
|
+
function parseGitHubUrl(url) {
|
|
126
|
+
const match = url.match(/github\.com\/([a-zA-Z0-9_.-]+)\/([a-zA-Z0-9_.-]+)/);
|
|
127
|
+
if (!match)
|
|
128
|
+
return null;
|
|
129
|
+
return { owner: match[1], repo: match[2].replace(/\.git$/, "") };
|
|
130
|
+
}
|
|
131
|
+
/**
|
|
132
|
+
* Analyze a GitHub repo for trust signals.
|
|
133
|
+
*/
|
|
134
|
+
function analyzeGitHubTrust(owner, repo) {
|
|
135
|
+
if (!hasGhCli())
|
|
136
|
+
return [];
|
|
137
|
+
const findings = [];
|
|
138
|
+
// Check known malicious accounts
|
|
139
|
+
if (ioc_blocklist_js_1.KNOWN_MALICIOUS_GITHUB_ACCOUNTS.includes(owner.toLowerCase())) {
|
|
140
|
+
findings.push({
|
|
141
|
+
rule: "REPO_KNOWN_MALICIOUS_ACCOUNT",
|
|
142
|
+
description: `Repository owner "${owner}" is a known malicious GitHub account.`,
|
|
143
|
+
severity: "critical",
|
|
144
|
+
recommendation: "Do not use code from this repository. This account has been identified as distributing malware.",
|
|
145
|
+
});
|
|
146
|
+
return findings; // No need to check further
|
|
147
|
+
}
|
|
148
|
+
// Fetch metadata
|
|
149
|
+
const meta = fetchRepoMetadata(owner, repo);
|
|
150
|
+
if (!meta)
|
|
151
|
+
return findings;
|
|
152
|
+
const now = Date.now();
|
|
153
|
+
const repoAge = now - new Date(meta.createdAt).getTime();
|
|
154
|
+
const daysSinceCreation = repoAge / (1000 * 60 * 60 * 24);
|
|
155
|
+
// Account age check
|
|
156
|
+
if (meta.ownerCreatedAt) {
|
|
157
|
+
const accountAge = now - new Date(meta.ownerCreatedAt).getTime();
|
|
158
|
+
const accountDays = accountAge / (1000 * 60 * 60 * 24);
|
|
159
|
+
if (accountDays < 90) {
|
|
160
|
+
findings.push({
|
|
161
|
+
rule: "REPO_NEW_ACCOUNT",
|
|
162
|
+
description: `Repository owner account is ${Math.round(accountDays)} days old (< 90 days). New accounts are higher risk.`,
|
|
163
|
+
severity: "high",
|
|
164
|
+
recommendation: "Exercise caution with code from newly created accounts. Verify the maintainer's identity.",
|
|
165
|
+
});
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
// Repo recently created with many stars
|
|
169
|
+
if (daysSinceCreation < 30 && meta.stars > 50) {
|
|
170
|
+
findings.push({
|
|
171
|
+
rule: "REPO_RECENT_CREATION",
|
|
172
|
+
description: `Repository is ${Math.round(daysSinceCreation)} days old with ${meta.stars} stars. Rapid star growth on a new repo is a star-farming indicator.`,
|
|
173
|
+
severity: "high",
|
|
174
|
+
recommendation: "Star-farming bots inflate stars on malicious repos. Verify the repo's legitimacy through code review.",
|
|
175
|
+
});
|
|
176
|
+
}
|
|
177
|
+
// Star/fork ratio check (forks > stars is unusual for organic repos)
|
|
178
|
+
if (meta.stars > 20 && meta.forks > meta.stars * 1.5) {
|
|
179
|
+
findings.push({
|
|
180
|
+
rule: "REPO_STAR_FORK_RATIO",
|
|
181
|
+
description: `Unusual star/fork ratio: ${meta.stars} stars vs ${meta.forks} forks. More forks than stars can indicate bot activity.`,
|
|
182
|
+
severity: "high",
|
|
183
|
+
recommendation: "Check if forks are from real, active accounts or star-farming bots.",
|
|
184
|
+
});
|
|
185
|
+
}
|
|
186
|
+
// Few contributors on popular repo
|
|
187
|
+
if (meta.contributorCount !== undefined &&
|
|
188
|
+
meta.contributorCount < 2 &&
|
|
189
|
+
meta.stars > 100) {
|
|
190
|
+
findings.push({
|
|
191
|
+
rule: "REPO_FEW_CONTRIBUTORS",
|
|
192
|
+
description: `Only ${meta.contributorCount} contributor(s) on a repo with ${meta.stars} stars. Legitimate popular projects typically have multiple contributors.`,
|
|
193
|
+
severity: "medium",
|
|
194
|
+
recommendation: "Single-contributor repos with high stars may be fake. Check contributor history.",
|
|
195
|
+
});
|
|
196
|
+
}
|
|
197
|
+
// No issues on popular repo
|
|
198
|
+
if (!meta.hasIssues || (meta.openIssues === 0 && meta.stars > 50)) {
|
|
199
|
+
findings.push({
|
|
200
|
+
rule: "REPO_NO_ISSUES",
|
|
201
|
+
description: `Issues ${meta.hasIssues ? "have 0 open items" : "are disabled"} on a repo with ${meta.stars} stars. Malicious repos often disable issues to avoid reports.`,
|
|
202
|
+
severity: "medium",
|
|
203
|
+
recommendation: "Legitimate projects encourage issue reporting. Disabled issues is a red flag.",
|
|
204
|
+
});
|
|
205
|
+
}
|
|
206
|
+
// Single commit repos
|
|
207
|
+
if (meta.commitCount !== undefined && meta.commitCount <= 2 && meta.stars > 10) {
|
|
208
|
+
findings.push({
|
|
209
|
+
rule: "REPO_SINGLE_COMMIT",
|
|
210
|
+
description: `Only ${meta.commitCount} commit(s) in a repo with ${meta.stars} stars. Malware repos are typically single-commit drops.`,
|
|
211
|
+
severity: "high",
|
|
212
|
+
recommendation: "Single-commit repos with stars are a strong malware indicator. Review the commit content.",
|
|
213
|
+
});
|
|
214
|
+
}
|
|
215
|
+
// Check releases for suspicious artifacts
|
|
216
|
+
const releases = fetchReleases(owner, repo);
|
|
217
|
+
for (const release of releases) {
|
|
218
|
+
// Executable artifacts
|
|
219
|
+
const suspiciousExts = [".exe", ".msi", ".bat", ".cmd", ".ps1", ".scr", ".com"];
|
|
220
|
+
const archiveExts = [".7z", ".rar"];
|
|
221
|
+
for (const asset of release.assets) {
|
|
222
|
+
const lowerName = asset.name.toLowerCase();
|
|
223
|
+
const ext = path.extname(lowerName);
|
|
224
|
+
if (suspiciousExts.includes(ext)) {
|
|
225
|
+
findings.push({
|
|
226
|
+
rule: "RELEASE_EXE_ARTIFACT",
|
|
227
|
+
description: `Executable file "${asset.name}" (${formatSize(asset.size)}) in release "${release.tagName}". GitHub releases should not contain executables.`,
|
|
228
|
+
severity: "critical",
|
|
229
|
+
recommendation: "Do NOT download this file. Executables in GitHub releases are a primary malware distribution vector.",
|
|
230
|
+
});
|
|
231
|
+
}
|
|
232
|
+
if (archiveExts.includes(ext)) {
|
|
233
|
+
findings.push({
|
|
234
|
+
rule: "RELEASE_7Z_ARCHIVE",
|
|
235
|
+
description: `Compressed archive "${asset.name}" (${formatSize(asset.size)}) in release "${release.tagName}". .7z/.rar archives are used to evade antivirus scanning.`,
|
|
236
|
+
severity: "high",
|
|
237
|
+
recommendation: "Password-protected and compressed archives bypass AV detection. Inspect contents before extracting.",
|
|
238
|
+
});
|
|
239
|
+
}
|
|
240
|
+
// Size anomaly (> 50MB)
|
|
241
|
+
if (asset.size > 50 * 1024 * 1024) {
|
|
242
|
+
findings.push({
|
|
243
|
+
rule: "RELEASE_SIZE_ANOMALY",
|
|
244
|
+
description: `Large release artifact "${asset.name}" (${formatSize(asset.size)}). Unusually large files may contain bundled malware.`,
|
|
245
|
+
severity: "high",
|
|
246
|
+
recommendation: "Verify this file size is expected for the project.",
|
|
247
|
+
});
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
// Lure release names
|
|
251
|
+
const lowerReleaseName = (release.name || release.tagName).toLowerCase();
|
|
252
|
+
const lureKeywords = ["leaked", "cracked", "free", "unlocked", "keygen", "bypass", "premium", "enterprise"];
|
|
253
|
+
for (const keyword of lureKeywords) {
|
|
254
|
+
if (lowerReleaseName.includes(keyword)) {
|
|
255
|
+
findings.push({
|
|
256
|
+
rule: "RELEASE_NAME_LURE",
|
|
257
|
+
description: `Release "${release.name || release.tagName}" contains lure keyword "${keyword}". This is a social engineering tactic for malware distribution.`,
|
|
258
|
+
severity: "high",
|
|
259
|
+
recommendation: "Releases with piracy/crack language are almost always malware. Do not download.",
|
|
260
|
+
});
|
|
261
|
+
break;
|
|
262
|
+
}
|
|
263
|
+
}
|
|
264
|
+
}
|
|
265
|
+
return findings;
|
|
266
|
+
}
|
|
267
|
+
/**
|
|
268
|
+
* Scan README content for lure patterns.
|
|
269
|
+
*/
|
|
270
|
+
function scanReadmeLures(readmeContent, relativePath) {
|
|
271
|
+
const findings = [];
|
|
272
|
+
const lines = readmeContent.split("\n");
|
|
273
|
+
for (const pattern of patterns_js_1.LURE_PATTERNS) {
|
|
274
|
+
const regex = new RegExp(pattern.pattern, "i");
|
|
275
|
+
for (let i = 0; i < lines.length; i++) {
|
|
276
|
+
const line = lines[i] ?? "";
|
|
277
|
+
const match = regex.exec(line);
|
|
278
|
+
if (match) {
|
|
279
|
+
findings.push({
|
|
280
|
+
rule: pattern.rule,
|
|
281
|
+
description: pattern.description,
|
|
282
|
+
severity: pattern.severity,
|
|
283
|
+
file: relativePath,
|
|
284
|
+
line: i + 1,
|
|
285
|
+
match: match[0].length > 120
|
|
286
|
+
? match[0].substring(0, 120) + "..."
|
|
287
|
+
: match[0],
|
|
288
|
+
recommendation: getLureRecommendation(pattern.rule),
|
|
289
|
+
});
|
|
290
|
+
break; // One match per pattern per file
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
return findings;
|
|
295
|
+
}
|
|
296
|
+
function formatSize(bytes) {
|
|
297
|
+
if (bytes < 1024)
|
|
298
|
+
return `${bytes} B`;
|
|
299
|
+
if (bytes < 1024 * 1024)
|
|
300
|
+
return `${(bytes / 1024).toFixed(1)} KB`;
|
|
301
|
+
return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
|
|
302
|
+
}
|
|
303
|
+
function getLureRecommendation(rule) {
|
|
304
|
+
const map = {
|
|
305
|
+
README_LURE_LEAKED: "This README uses 'leaked' language to lure downloads. Verify the project's legitimacy before using.",
|
|
306
|
+
README_LURE_CRACK: "This README promises cracked/unlocked software. This is almost certainly malware. Do NOT download.",
|
|
307
|
+
README_LURE_URGENCY: "Urgency language in README is a social engineering tactic. Legitimate projects don't pressure downloads.",
|
|
308
|
+
CAMPAIGN_CLAUDE_LURE: "CRITICAL: This matches the April 2026 Claude Code malware campaign (Vidar/GhostSocks). Quarantine immediately.",
|
|
309
|
+
CAMPAIGN_AI_TOOL_LURE: "CRITICAL: This matches the 2026 fake AI tool campaign targeting developers. Do not use this code.",
|
|
310
|
+
FAKE_AI_TOOL_LURE: "Suspicious executable naming pattern matching malware campaigns. Verify file integrity.",
|
|
311
|
+
};
|
|
312
|
+
return map[rule] ?? "Review this content for social engineering tactics.";
|
|
313
|
+
}
|
|
314
|
+
//# sourceMappingURL=github-trust-scanner.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"github-trust-scanner.js","sourceRoot":"","sources":["../src/github-trust-scanner.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiIH,wCAQC;AAKD,gDAoKC;AAKD,0CAgCC;AArVD,2DAA8C;AAE9C,gDAAkC;AAElC,+CAA8C;AAC9C,yDAAqE;AA+BrE;;GAEG;AACH,SAAS,QAAQ;IACf,IAAI,CAAC;QACH,IAAA,6BAAQ,EAAC,cAAc,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAa,EAAE,IAAY;IACpD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,6BAAQ,EACnB,gBAAgB,KAAK,IAAI,IAAI,iQAAiQ,EAC9R,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;QACF,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE9B,0BAA0B;QAC1B,IAAI,cAAkC,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,6BAAQ,EACxB,gBAAgB,KAAK,qBAAqB,EAC1C,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;YACF,cAAc,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QAEtB,qBAAqB;QACrB,IAAI,WAA+B,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAA,6BAAQ,EACzB,gBAAgB,KAAK,IAAI,IAAI,mCAAmC,EAChE,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;YACF,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QAEtB,0BAA0B;QAC1B,IAAI,gBAAoC,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAA,6BAAQ,EAC1B,gBAAgB,KAAK,IAAI,IAAI,wCAAwC,EACrE,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;YACF,gBAAgB,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QAEtB,OAAO;YACL,KAAK;YACL,IAAI,EAAE,IAAI;YACV,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC;YACtB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC;YACtB,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,CAAC;YAChC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;YACjC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK;YAC1B,cAAc;YACd,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,MAAM;YAC3C,WAAW;YACX,gBAAgB;SACjB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa,EAAE,IAAY;IAChD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,6BAAQ,EACnB,gBAAgB,KAAK,IAAI,IAAI,iLAAiL,EAC9M,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAC5B,GAAW;IAEX,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CACrB,mDAAmD,CACpD,CAAC;IACF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,KAAa,EACb,IAAY;IAEZ,IAAI,CAAC,QAAQ,EAAE;QAAE,OAAO,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,iCAAiC;IACjC,IAAI,kDAA+B,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,8BAA8B;YACpC,WAAW,EAAE,qBAAqB,KAAK,wCAAwC;YAC/E,QAAQ,EAAE,UAAU;YACpB,cAAc,EACZ,iGAAiG;SACpG,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,CAAC,2BAA2B;IAC9C,CAAC;IAED,iBAAiB;IACjB,MAAM,IAAI,GAAG,iBAAiB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAE3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IACzD,MAAM,iBAAiB,GAAG,OAAO,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAE1D,oBAAoB;IACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;QACxB,MAAM,UAAU,GACd,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,UAAU,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QACvD,IAAI,WAAW,GAAG,EAAE,EAAE,CAAC;YACrB,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,kBAAkB;gBACxB,WAAW,EAAE,+BAA+B,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,sDAAsD;gBACzH,QAAQ,EAAE,MAAM;gBAChB,cAAc,EACZ,2FAA2F;aAC9F,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,iBAAiB,GAAG,EAAE,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,WAAW,EAAE,iBAAiB,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,kBAAkB,IAAI,CAAC,KAAK,sEAAsE;YAC7J,QAAQ,EAAE,MAAM;YAChB,cAAc,EACZ,uGAAuG;SAC1G,CAAC,CAAC;IACL,CAAC;IAED,qEAAqE;IACrE,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,EAAE,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,WAAW,EAAE,4BAA4B,IAAI,CAAC,KAAK,aAAa,IAAI,CAAC,KAAK,0DAA0D;YACpI,QAAQ,EAAE,MAAM;YAChB,cAAc,EACZ,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,mCAAmC;IACnC,IACE,IAAI,CAAC,gBAAgB,KAAK,SAAS;QACnC,IAAI,CAAC,gBAAgB,GAAG,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,GAAG,EAChB,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,QAAQ,IAAI,CAAC,gBAAgB,kCAAkC,IAAI,CAAC,KAAK,2EAA2E;YACjK,QAAQ,EAAE,QAAQ;YAClB,cAAc,EACZ,kFAAkF;SACrF,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,UAAU,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,cAAc,mBAAmB,IAAI,CAAC,KAAK,gEAAgE;YACzK,QAAQ,EAAE,QAAQ;YAClB,cAAc,EACZ,+EAA+E;SAClF,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;QAC/E,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,oBAAoB;YAC1B,WAAW,EAAE,QAAQ,IAAI,CAAC,WAAW,6BAA6B,IAAI,CAAC,KAAK,0DAA0D;YACtI,QAAQ,EAAE,MAAM;YAChB,cAAc,EACZ,2FAA2F;SAC9F,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC5C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,uBAAuB;QACvB,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAChF,MAAM,WAAW,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAEpC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEpC,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,WAAW,EAAE,oBAAoB,KAAK,CAAC,IAAI,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,OAAO,oDAAoD;oBAC3J,QAAQ,EAAE,UAAU;oBACpB,cAAc,EACZ,sGAAsG;iBACzG,CAAC,CAAC;YACL,CAAC;YAED,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,oBAAoB;oBAC1B,WAAW,EAAE,uBAAuB,KAAK,CAAC,IAAI,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,OAAO,4DAA4D;oBACtK,QAAQ,EAAE,MAAM;oBAChB,cAAc,EACZ,qGAAqG;iBACxG,CAAC,CAAC;YACL,CAAC;YAED,wBAAwB;YACxB,IAAI,KAAK,CAAC,IAAI,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,WAAW,EAAE,2BAA2B,KAAK,CAAC,IAAI,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,uDAAuD;oBACrI,QAAQ,EAAE,MAAM;oBAChB,cAAc,EACZ,oDAAoD;iBACvD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,gBAAgB,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QACzE,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;QAC5G,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,IAAI,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,mBAAmB;oBACzB,WAAW,EAAE,YAAY,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,4BAA4B,OAAO,kEAAkE;oBAC7J,QAAQ,EAAE,MAAM;oBAChB,cAAc,EACZ,iFAAiF;iBACpF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,aAAqB,EACrB,YAAoB;IAEpB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,2BAAa,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EACH,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG;wBACnB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK;wBACpC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;oBACd,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,IAAI,CAAC;iBACpD,CAAC,CAAC;gBACH,MAAM,CAAC,iCAAiC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,IAAI,KAAK,GAAG,IAAI;QAAE,OAAO,GAAG,KAAK,IAAI,CAAC;IACtC,IAAI,KAAK,GAAG,IAAI,GAAG,IAAI;QAAE,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IAClE,OAAO,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;AACpD,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,MAAM,GAAG,GAA2B;QAClC,kBAAkB,EAChB,qGAAqG;QACvG,iBAAiB,EACf,oGAAoG;QACtG,mBAAmB,EACjB,0GAA0G;QAC5G,oBAAoB,EAClB,gHAAgH;QAClH,qBAAqB,EACnB,mGAAmG;QACrG,iBAAiB,EACf,yFAAyF;KAC5F,CAAC;IACF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,qDAAqD,CAAC;AAC5E,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -19,5 +19,7 @@ export { scanGitSecurity } from "./git-scanner.js";
|
|
|
19
19
|
export { analyzeEntropy, shannonEntropy } from "./entropy.js";
|
|
20
20
|
export { scanCargoFiles } from "./cargo-scanner.js";
|
|
21
21
|
export { scanGoFiles } from "./go-scanner.js";
|
|
22
|
+
export { checkIOCBlocklist, checkBadVersion } from "./ioc-blocklist.js";
|
|
23
|
+
export { analyzeGitHubTrust, parseGitHubUrl, scanReadmeLures } from "./github-trust-scanner.js";
|
|
22
24
|
export type { Finding, ScanReport, ScanOptions, ScanSummary, Severity, NpmPackageInfo, SolanaMonitorOptions, SolanaTransaction, PatternEntry, WatchlistEntry, WatchlistConfig, WatchlistAlert, } from "./types.js";
|
|
23
25
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EACL,aAAa,EACb,WAAW,EACX,WAAW,EACX,aAAa,EACb,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,YAAY,EACV,OAAO,EACP,UAAU,EACV,WAAW,EACX,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,eAAe,EACf,cAAc,GACf,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EACL,aAAa,EACb,WAAW,EACX,WAAW,EACX,aAAa,EACb,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAChG,YAAY,EACV,OAAO,EACP,UAAU,EACV,WAAW,EACX,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,eAAe,EACf,cAAc,GACf,MAAM,YAAY,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
* Detects GlassWorm and similar malware campaigns.
|
|
7
7
|
*/
|
|
8
8
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
-
exports.scanGoFiles = exports.scanCargoFiles = exports.shannonEntropy = exports.analyzeEntropy = exports.scanGitSecurity = exports.scanConfigFile = exports.scanConfigFiles = exports.scanDockerFile = exports.scanDockerFiles = exports.scanGitHubActionsWorkflows = exports.checkLockfile = exports.formatReport = exports.monitorWatchlist = exports.listWatchlist = exports.removeFromWatchlist = exports.addToWatchlist = exports.saveWatchlist = exports.loadWatchlist = exports.formatAlert = exports.checkWallet = exports.monitorWallet = exports.scanDependencyConfusion = exports.scanVscodeExtension = exports.scanPypiPackage = exports.scanNpmPackage = exports.scan = void 0;
|
|
9
|
+
exports.scanReadmeLures = exports.parseGitHubUrl = exports.analyzeGitHubTrust = exports.checkBadVersion = exports.checkIOCBlocklist = exports.scanGoFiles = exports.scanCargoFiles = exports.shannonEntropy = exports.analyzeEntropy = exports.scanGitSecurity = exports.scanConfigFile = exports.scanConfigFiles = exports.scanDockerFile = exports.scanDockerFiles = exports.scanGitHubActionsWorkflows = exports.checkLockfile = exports.formatReport = exports.monitorWatchlist = exports.listWatchlist = exports.removeFromWatchlist = exports.addToWatchlist = exports.saveWatchlist = exports.loadWatchlist = exports.formatAlert = exports.checkWallet = exports.monitorWallet = exports.scanDependencyConfusion = exports.scanVscodeExtension = exports.scanPypiPackage = exports.scanNpmPackage = exports.scan = void 0;
|
|
10
10
|
var scanner_js_1 = require("./scanner.js");
|
|
11
11
|
Object.defineProperty(exports, "scan", { enumerable: true, get: function () { return scanner_js_1.scan; } });
|
|
12
12
|
var npm_scanner_js_1 = require("./npm-scanner.js");
|
|
@@ -48,4 +48,11 @@ var cargo_scanner_js_1 = require("./cargo-scanner.js");
|
|
|
48
48
|
Object.defineProperty(exports, "scanCargoFiles", { enumerable: true, get: function () { return cargo_scanner_js_1.scanCargoFiles; } });
|
|
49
49
|
var go_scanner_js_1 = require("./go-scanner.js");
|
|
50
50
|
Object.defineProperty(exports, "scanGoFiles", { enumerable: true, get: function () { return go_scanner_js_1.scanGoFiles; } });
|
|
51
|
+
var ioc_blocklist_js_1 = require("./ioc-blocklist.js");
|
|
52
|
+
Object.defineProperty(exports, "checkIOCBlocklist", { enumerable: true, get: function () { return ioc_blocklist_js_1.checkIOCBlocklist; } });
|
|
53
|
+
Object.defineProperty(exports, "checkBadVersion", { enumerable: true, get: function () { return ioc_blocklist_js_1.checkBadVersion; } });
|
|
54
|
+
var github_trust_scanner_js_1 = require("./github-trust-scanner.js");
|
|
55
|
+
Object.defineProperty(exports, "analyzeGitHubTrust", { enumerable: true, get: function () { return github_trust_scanner_js_1.analyzeGitHubTrust; } });
|
|
56
|
+
Object.defineProperty(exports, "parseGitHubUrl", { enumerable: true, get: function () { return github_trust_scanner_js_1.parseGitHubUrl; } });
|
|
57
|
+
Object.defineProperty(exports, "scanReadmeLures", { enumerable: true, get: function () { return github_trust_scanner_js_1.scanReadmeLures; } });
|
|
51
58
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,2CAAoC;AAA3B,kGAAA,IAAI,OAAA;AACb,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,yDAA0D;AAAjD,wHAAA,mBAAmB,OAAA;AAC5B,qEAAoE;AAA3D,kIAAA,uBAAuB,OAAA;AAChC,yDAU6B;AAT3B,kHAAA,aAAa,OAAA;AACb,gHAAA,WAAW,OAAA;AACX,gHAAA,WAAW,OAAA;AACX,kHAAA,aAAa,OAAA;AACb,kHAAA,aAAa,OAAA;AACb,mHAAA,cAAc,OAAA;AACd,wHAAA,mBAAmB,OAAA;AACnB,kHAAA,aAAa,OAAA;AACb,qHAAA,gBAAgB,OAAA;AAElB,6CAA6C;AAApC,2GAAA,YAAY,OAAA;AACrB,6DAAsD;AAA7C,oHAAA,aAAa,OAAA;AACtB,yEAAyE;AAAhE,uIAAA,0BAA0B,OAAA;AACnC,iEAA0E;AAAjE,wHAAA,eAAe,OAAA;AAAE,uHAAA,cAAc,OAAA;AACxC,yDAAsE;AAA7D,oHAAA,eAAe,OAAA;AAAE,mHAAA,cAAc,OAAA;AACxC,mDAAmD;AAA1C,iHAAA,eAAe,OAAA;AACxB,2CAA8D;AAArD,4GAAA,cAAc,OAAA;AAAE,4GAAA,cAAc,OAAA;AACvC,uDAAoD;AAA3C,kHAAA,cAAc,OAAA;AACvB,iDAA8C;AAArC,4GAAA,WAAW,OAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,2CAAoC;AAA3B,kGAAA,IAAI,OAAA;AACb,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,yDAA0D;AAAjD,wHAAA,mBAAmB,OAAA;AAC5B,qEAAoE;AAA3D,kIAAA,uBAAuB,OAAA;AAChC,yDAU6B;AAT3B,kHAAA,aAAa,OAAA;AACb,gHAAA,WAAW,OAAA;AACX,gHAAA,WAAW,OAAA;AACX,kHAAA,aAAa,OAAA;AACb,kHAAA,aAAa,OAAA;AACb,mHAAA,cAAc,OAAA;AACd,wHAAA,mBAAmB,OAAA;AACnB,kHAAA,aAAa,OAAA;AACb,qHAAA,gBAAgB,OAAA;AAElB,6CAA6C;AAApC,2GAAA,YAAY,OAAA;AACrB,6DAAsD;AAA7C,oHAAA,aAAa,OAAA;AACtB,yEAAyE;AAAhE,uIAAA,0BAA0B,OAAA;AACnC,iEAA0E;AAAjE,wHAAA,eAAe,OAAA;AAAE,uHAAA,cAAc,OAAA;AACxC,yDAAsE;AAA7D,oHAAA,eAAe,OAAA;AAAE,mHAAA,cAAc,OAAA;AACxC,mDAAmD;AAA1C,iHAAA,eAAe,OAAA;AACxB,2CAA8D;AAArD,4GAAA,cAAc,OAAA;AAAE,4GAAA,cAAc,OAAA;AACvC,uDAAoD;AAA3C,kHAAA,cAAc,OAAA;AACvB,iDAA8C;AAArC,4GAAA,WAAW,OAAA;AACpB,uDAAwE;AAA/D,qHAAA,iBAAiB,OAAA;AAAE,mHAAA,eAAe,OAAA;AAC3C,qEAAgG;AAAvF,6HAAA,kBAAkB,OAAA;AAAE,yHAAA,cAAc,OAAA;AAAE,0HAAA,eAAe,OAAA"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Known Indicators of Compromise (IOC) blocklist.
|
|
3
|
+
*
|
|
4
|
+
* Contains known malicious domains, IPs, hashes, GitHub accounts,
|
|
5
|
+
* and compromised package versions. Updated as new threats emerge.
|
|
6
|
+
*/
|
|
7
|
+
export declare const KNOWN_C2_DOMAINS: string[];
|
|
8
|
+
export declare const KNOWN_C2_IPS: string[];
|
|
9
|
+
export declare const KNOWN_DEAD_DROPS: string[];
|
|
10
|
+
export declare const KNOWN_MALICIOUS_HASHES: Record<string, string>;
|
|
11
|
+
export declare const KNOWN_MALICIOUS_GITHUB_ACCOUNTS: string[];
|
|
12
|
+
export declare const KNOWN_BAD_NPM_VERSIONS: Record<string, {
|
|
13
|
+
versions: string[];
|
|
14
|
+
description: string;
|
|
15
|
+
}>;
|
|
16
|
+
export declare const KNOWN_BAD_PYPI_VERSIONS: Record<string, {
|
|
17
|
+
versions: string[];
|
|
18
|
+
description: string;
|
|
19
|
+
}>;
|
|
20
|
+
import type { Finding } from "./types.js";
|
|
21
|
+
/**
|
|
22
|
+
* Check content against known IOC blocklists.
|
|
23
|
+
*/
|
|
24
|
+
export declare function checkIOCBlocklist(content: string, relativePath: string): Finding[];
|
|
25
|
+
/**
|
|
26
|
+
* Check a package name + version against the known-bad blocklist.
|
|
27
|
+
*/
|
|
28
|
+
export declare function checkBadVersion(name: string, version: string, ecosystem: "npm" | "pypi"): Finding | null;
|
|
29
|
+
//# sourceMappingURL=ioc-blocklist.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ioc-blocklist.d.ts","sourceRoot":"","sources":["../src/ioc-blocklist.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,eAAO,MAAM,gBAAgB,EAAE,MAAM,EAMpC,CAAC;AAMF,eAAO,MAAM,YAAY,EAAE,MAAM,EAIhC,CAAC;AAMF,eAAO,MAAM,gBAAgB,EAAE,MAAM,EAKpC,CAAC;AAMF,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAQzD,CAAC;AAMF,eAAO,MAAM,+BAA+B,EAAE,MAAM,EAInD,CAAC;AAMF,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAiC9F,CAAC;AAMF,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAK/F,CAAC;AAMF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1C;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,OAAO,EAAE,CA8EX;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,KAAK,GAAG,MAAM,GACxB,OAAO,GAAG,IAAI,CAiBhB"}
|