supply-chain-guard 4.0.0 → 4.2.0

package/dist/github-trust-scanner.js

@@ -0,0 +1,314 @@
+"use strict";
+/**
+ * GitHub repository trust signal scanner.
+ *
+ * Analyzes GitHub repo metadata for indicators of fake/malicious repos:
+ * star-farming, new accounts, suspicious releases, lure READMEs, etc.
+ * Uses `gh` CLI for API access (no token configuration needed).
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseGitHubUrl = parseGitHubUrl;
+exports.analyzeGitHubTrust = analyzeGitHubTrust;
+exports.scanReadmeLures = scanReadmeLures;
+const node_child_process_1 = require("node:child_process");
+const path = __importStar(require("node:path"));
+const patterns_js_1 = require("./patterns.js");
+const ioc_blocklist_js_1 = require("./ioc-blocklist.js");
+/**
+ * Check if `gh` CLI is available.
+ */
+function hasGhCli() {
+    try {
+        (0, node_child_process_1.execSync)("gh --version", { stdio: "pipe" });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Fetch repo metadata via `gh api`.
+ */
+function fetchRepoMetadata(owner, repo) {
+    try {
+        const json = (0, node_child_process_1.execSync)(`gh api repos/${owner}/${repo} --jq '{stars: .stargazers_count, forks: .forks_count, openIssues: .open_issues_count, hasIssues: .has_issues, createdAt: .created_at, pushedAt: .pushed_at, isOrg: (.owner.type == "Organization"), ownerLogin: .owner.login, defaultBranch: .default_branch}'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+        const data = JSON.parse(json);
+        // Fetch owner account age
+        let ownerCreatedAt;
+        try {
+            const ownerJson = (0, node_child_process_1.execSync)(`gh api users/${owner} --jq '.created_at'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+            ownerCreatedAt = ownerJson.trim();
+        }
+        catch { /* skip */ }
+        // Fetch commit count
+        let commitCount;
+        try {
+            const commitJson = (0, node_child_process_1.execSync)(`gh api repos/${owner}/${repo}/commits?per_page=1 --jq 'length'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+            commitCount = parseInt(commitJson.trim(), 10);
+        }
+        catch { /* skip */ }
+        // Fetch contributor count
+        let contributorCount;
+        try {
+            const contribJson = (0, node_child_process_1.execSync)(`gh api repos/${owner}/${repo}/contributors?per_page=5 --jq 'length'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+            contributorCount = parseInt(contribJson.trim(), 10);
+        }
+        catch { /* skip */ }
+        return {
+            owner,
+            name: repo,
+            stars: data.stars ?? 0,
+            forks: data.forks ?? 0,
+            openIssues: data.openIssues ?? 0,
+            hasIssues: data.hasIssues ?? true,
+            createdAt: data.createdAt ?? "",
+            pushedAt: data.pushedAt ?? "",
+            isOrg: data.isOrg ?? false,
+            ownerCreatedAt,
+            defaultBranch: data.defaultBranch ?? "main",
+            commitCount,
+            contributorCount,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Fetch release info via `gh api`.
+ */
+function fetchReleases(owner, repo) {
+    try {
+        const json = (0, node_child_process_1.execSync)(`gh api repos/${owner}/${repo}/releases?per_page=5 --jq '[.[] | {tagName: .tag_name, name: .name, createdAt: .created_at, assets: [.assets[] | {name: .name, size: .size, downloadCount: .download_count}]}]'`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+        return JSON.parse(json);
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Parse a GitHub URL into owner/repo.
+ */
+function parseGitHubUrl(url) {
+    const match = url.match(/github\.com\/([a-zA-Z0-9_.-]+)\/([a-zA-Z0-9_.-]+)/);
+    if (!match)
+        return null;
+    return { owner: match[1], repo: match[2].replace(/\.git$/, "") };
+}
+/**
+ * Analyze a GitHub repo for trust signals.
+ */
+function analyzeGitHubTrust(owner, repo) {
+    if (!hasGhCli())
+        return [];
+    const findings = [];
+    // Check known malicious accounts
+    if (ioc_blocklist_js_1.KNOWN_MALICIOUS_GITHUB_ACCOUNTS.includes(owner.toLowerCase())) {
+        findings.push({
+            rule: "REPO_KNOWN_MALICIOUS_ACCOUNT",
+            description: `Repository owner "${owner}" is a known malicious GitHub account.`,
+            severity: "critical",
+            recommendation: "Do not use code from this repository. This account has been identified as distributing malware.",
+        });
+        return findings; // No need to check further
+    }
+    // Fetch metadata
+    const meta = fetchRepoMetadata(owner, repo);
+    if (!meta)
+        return findings;
+    const now = Date.now();
+    const repoAge = now - new Date(meta.createdAt).getTime();
+    const daysSinceCreation = repoAge / (1000 * 60 * 60 * 24);
+    // Account age check
+    if (meta.ownerCreatedAt) {
+        const accountAge = now - new Date(meta.ownerCreatedAt).getTime();
+        const accountDays = accountAge / (1000 * 60 * 60 * 24);
+        if (accountDays < 90) {
+            findings.push({
+                rule: "REPO_NEW_ACCOUNT",
+                description: `Repository owner account is ${Math.round(accountDays)} days old (< 90 days). New accounts are higher risk.`,
+                severity: "high",
+                recommendation: "Exercise caution with code from newly created accounts. Verify the maintainer's identity.",
+            });
+        }
+    }
+    // Repo recently created with many stars
+    if (daysSinceCreation < 30 && meta.stars > 50) {
+        findings.push({
+            rule: "REPO_RECENT_CREATION",
+            description: `Repository is ${Math.round(daysSinceCreation)} days old with ${meta.stars} stars. Rapid star growth on a new repo is a star-farming indicator.`,
+            severity: "high",
+            recommendation: "Star-farming bots inflate stars on malicious repos. Verify the repo's legitimacy through code review.",
+        });
+    }
+    // Star/fork ratio check (forks > stars is unusual for organic repos)
+    if (meta.stars > 20 && meta.forks > meta.stars * 1.5) {
+        findings.push({
+            rule: "REPO_STAR_FORK_RATIO",
+            description: `Unusual star/fork ratio: ${meta.stars} stars vs ${meta.forks} forks. More forks than stars can indicate bot activity.`,
+            severity: "high",
+            recommendation: "Check if forks are from real, active accounts or star-farming bots.",
+        });
+    }
+    // Few contributors on popular repo
+    if (meta.contributorCount !== undefined &&
+        meta.contributorCount < 2 &&
+        meta.stars > 100) {
+        findings.push({
+            rule: "REPO_FEW_CONTRIBUTORS",
+            description: `Only ${meta.contributorCount} contributor(s) on a repo with ${meta.stars} stars. Legitimate popular projects typically have multiple contributors.`,
+            severity: "medium",
+            recommendation: "Single-contributor repos with high stars may be fake. Check contributor history.",
+        });
+    }
+    // No issues on popular repo
+    if (!meta.hasIssues || (meta.openIssues === 0 && meta.stars > 50)) {
+        findings.push({
+            rule: "REPO_NO_ISSUES",
+            description: `Issues ${meta.hasIssues ? "have 0 open items" : "are disabled"} on a repo with ${meta.stars} stars. Malicious repos often disable issues to avoid reports.`,
+            severity: "medium",
+            recommendation: "Legitimate projects encourage issue reporting. Disabled issues is a red flag.",
+        });
+    }
+    // Single commit repos
+    if (meta.commitCount !== undefined && meta.commitCount <= 2 && meta.stars > 10) {
+        findings.push({
+            rule: "REPO_SINGLE_COMMIT",
+            description: `Only ${meta.commitCount} commit(s) in a repo with ${meta.stars} stars. Malware repos are typically single-commit drops.`,
+            severity: "high",
+            recommendation: "Single-commit repos with stars are a strong malware indicator. Review the commit content.",
+        });
+    }
+    // Check releases for suspicious artifacts
+    const releases = fetchReleases(owner, repo);
+    for (const release of releases) {
+        // Executable artifacts
+        const suspiciousExts = [".exe", ".msi", ".bat", ".cmd", ".ps1", ".scr", ".com"];
+        const archiveExts = [".7z", ".rar"];
+        for (const asset of release.assets) {
+            const lowerName = asset.name.toLowerCase();
+            const ext = path.extname(lowerName);
+            if (suspiciousExts.includes(ext)) {
+                findings.push({
+                    rule: "RELEASE_EXE_ARTIFACT",
+                    description: `Executable file "${asset.name}" (${formatSize(asset.size)}) in release "${release.tagName}". GitHub releases should not contain executables.`,
+                    severity: "critical",
+                    recommendation: "Do NOT download this file. Executables in GitHub releases are a primary malware distribution vector.",
+                });
+            }
+            if (archiveExts.includes(ext)) {
+                findings.push({
+                    rule: "RELEASE_7Z_ARCHIVE",
+                    description: `Compressed archive "${asset.name}" (${formatSize(asset.size)}) in release "${release.tagName}". .7z/.rar archives are used to evade antivirus scanning.`,
+                    severity: "high",
+                    recommendation: "Password-protected and compressed archives bypass AV detection. Inspect contents before extracting.",
+                });
+            }
+            // Size anomaly (> 50MB)
+            if (asset.size > 50 * 1024 * 1024) {
+                findings.push({
+                    rule: "RELEASE_SIZE_ANOMALY",
+                    description: `Large release artifact "${asset.name}" (${formatSize(asset.size)}). Unusually large files may contain bundled malware.`,
+                    severity: "high",
+                    recommendation: "Verify this file size is expected for the project.",
+                });
+            }
+        }
+        // Lure release names
+        const lowerReleaseName = (release.name || release.tagName).toLowerCase();
+        const lureKeywords = ["leaked", "cracked", "free", "unlocked", "keygen", "bypass", "premium", "enterprise"];
+        for (const keyword of lureKeywords) {
+            if (lowerReleaseName.includes(keyword)) {
+                findings.push({
+                    rule: "RELEASE_NAME_LURE",
+                    description: `Release "${release.name || release.tagName}" contains lure keyword "${keyword}". This is a social engineering tactic for malware distribution.`,
+                    severity: "high",
+                    recommendation: "Releases with piracy/crack language are almost always malware. Do not download.",
+                });
+                break;
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Scan README content for lure patterns.
+ */
+function scanReadmeLures(readmeContent, relativePath) {
+    const findings = [];
+    const lines = readmeContent.split("\n");
+    for (const pattern of patterns_js_1.LURE_PATTERNS) {
+        const regex = new RegExp(pattern.pattern, "i");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i] ?? "";
+            const match = regex.exec(line);
+            if (match) {
+                findings.push({
+                    rule: pattern.rule,
+                    description: pattern.description,
+                    severity: pattern.severity,
+                    file: relativePath,
+                    line: i + 1,
+                    match: match[0].length > 120
+                        ? match[0].substring(0, 120) + "..."
+                        : match[0],
+                    recommendation: getLureRecommendation(pattern.rule),
+                });
+                break; // One match per pattern per file
+            }
+        }
+    }
+    return findings;
+}
+function formatSize(bytes) {
+    if (bytes < 1024)
+        return `${bytes} B`;
+    if (bytes < 1024 * 1024)
+        return `${(bytes / 1024).toFixed(1)} KB`;
+    return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+}
+function getLureRecommendation(rule) {
+    const map = {
+        README_LURE_LEAKED: "This README uses 'leaked' language to lure downloads. Verify the project's legitimacy before using.",
+        README_LURE_CRACK: "This README promises cracked/unlocked software. This is almost certainly malware. Do NOT download.",
+        README_LURE_URGENCY: "Urgency language in README is a social engineering tactic. Legitimate projects don't pressure downloads.",
+        CAMPAIGN_CLAUDE_LURE: "CRITICAL: This matches the April 2026 Claude Code malware campaign (Vidar/GhostSocks). Quarantine immediately.",
+        CAMPAIGN_AI_TOOL_LURE: "CRITICAL: This matches the 2026 fake AI tool campaign targeting developers. Do not use this code.",
+        FAKE_AI_TOOL_LURE: "Suspicious executable naming pattern matching malware campaigns. Verify file integrity.",
+    };
+    return map[rule] ?? "Review this content for social engineering tactics.";
+}
+//# sourceMappingURL=github-trust-scanner.js.map

package/dist/github-trust-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-trust-scanner.js","sourceRoot":"","sources":["../src/github-trust-scanner.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiIH,wCAQC;AAKD,gDAoKC;AAKD,0CAgCC;AArVD,2DAA8C;AAE9C,gDAAkC;AAElC,+CAA8C;AAC9C,yDAAqE;AA+BrE;;GAEG;AACH,SAAS,QAAQ;IACf,IAAI,CAAC;QACH,IAAA,6BAAQ,EAAC,cAAc,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAa,EAAE,IAAY;IACpD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,6BAAQ,EACnB,gBAAgB,KAAK,IAAI,IAAI,iQAAiQ,EAC9R,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;QACF,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE9B,0BAA0B;QAC1B,IAAI,cAAkC,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,6BAAQ,EACxB,gBAAgB,KAAK,qBAAqB,EAC1C,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;YACF,cAAc,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QAEtB,qBAAqB;QACrB,IAAI,WAA+B,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAA,6BAAQ,EACzB,gBAAgB,KAAK,IAAI,IAAI,mCAAmC,EAChE,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;YACF,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QAEtB,0BAA0B;QAC1B,IAAI,gBAAoC,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAA,6BAAQ,EAC1B,gBAAgB,KAAK,IAAI,IAAI,wCAAwC,EACrE,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;YACF,gBAAgB,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QAEtB,OAAO;YACL,KAAK;YACL,IAAI,EAAE,IAAI;YACV,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC;YACtB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC;YACtB,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,CAAC;YAChC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;YACjC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,KAAK;YAC1B,cAAc;YACd,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,MAAM;YAC3C,WAAW;YACX,gBAAgB;SACjB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa,EAAE,IAAY;IAChD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,6BAAQ,EACnB,gBAAgB,KAAK,IAAI,IAAI,iLAAiL,EAC9M,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACvD,CAAC;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAC5B,GAAW;IAEX,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CACrB,mDAAmD,CACpD,CAAC;IACF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,KAAa,EACb,IAAY;IAEZ,IAAI,CAAC,QAAQ,EAAE;QAAE,OAAO,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,iCAAiC;IACjC,IAAI,kDAA+B,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,8BAA8B;YACpC,WAAW,EAAE,qBAAqB,KAAK,wCAAwC;YAC/E,QAAQ,EAAE,UAAU;YACpB,cAAc,EACZ,iGAAiG;SACpG,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,CAAC,2BAA2B;IAC9C,CAAC;IAED,iBAAiB;IACjB,MAAM,IAAI,GAAG,iBAAiB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAE3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IACzD,MAAM,iBAAiB,GAAG,OAAO,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAE1D,oBAAoB;IACpB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;QACxB,MAAM,UAAU,GACd,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,UAAU,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QACvD,IAAI,WAAW,GAAG,EAAE,EAAE,CAAC;YACrB,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,kBAAkB;gBACxB,WAAW,EAAE,+BAA+B,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,sDAAsD;gBACzH,QAAQ,EAAE,MAAM;gBAChB,cAAc,EACZ,2FAA2F;aAC9F,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,iBAAiB,GAAG,EAAE,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,WAAW,EAAE,iBAAiB,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,kBAAkB,IAAI,CAAC,KAAK,sEAAsE;YAC7J,QAAQ,EAAE,MAAM;YAChB,cAAc,EACZ,uGAAuG;SAC1G,CAAC,CAAC;IACL,CAAC;IAED,qEAAqE;IACrE,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,EAAE,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,WAAW,EAAE,4BAA4B,IAAI,CAAC,KAAK,aAAa,IAAI,CAAC,KAAK,0DAA0D;YACpI,QAAQ,EAAE,MAAM;YAChB,cAAc,EACZ,qEAAqE;SACxE,CAAC,CAAC;IACL,CAAC;IAED,mCAAmC;IACnC,IACE,IAAI,CAAC,gBAAgB,KAAK,SAAS;QACnC,IAAI,CAAC,gBAAgB,GAAG,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,GAAG,EAChB,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,QAAQ,IAAI,CAAC,gBAAgB,kCAAkC,IAAI,CAAC,KAAK,2EAA2E;YACjK,QAAQ,EAAE,QAAQ;YAClB,cAAc,EACZ,kFAAkF;SACrF,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,UAAU,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,cAAc,mBAAmB,IAAI,CAAC,KAAK,gEAAgE;YACzK,QAAQ,EAAE,QAAQ;YAClB,cAAc,EACZ,+EAA+E;SAClF,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;QAC/E,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,oBAAoB;YAC1B,WAAW,EAAE,QAAQ,IAAI,CAAC,WAAW,6BAA6B,IAAI,CAAC,KAAK,0DAA0D;YACtI,QAAQ,EAAE,MAAM;YAChB,cAAc,EACZ,2FAA2F;SAC9F,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC5C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,uBAAuB;QACvB,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAChF,MAAM,WAAW,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAEpC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAEpC,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,WAAW,EAAE,oBAAoB,KAAK,CAAC,IAAI,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,OAAO,oDAAoD;oBAC3J,QAAQ,EAAE,UAAU;oBACpB,cAAc,EACZ,sGAAsG;iBACzG,CAAC,CAAC;YACL,CAAC;YAED,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,oBAAoB;oBAC1B,WAAW,EAAE,uBAAuB,KAAK,CAAC,IAAI,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,OAAO,4DAA4D;oBACtK,QAAQ,EAAE,MAAM;oBAChB,cAAc,EACZ,qGAAqG;iBACxG,CAAC,CAAC;YACL,CAAC;YAED,wBAAwB;YACxB,IAAI,KAAK,CAAC,IAAI,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,WAAW,EAAE,2BAA2B,KAAK,CAAC,IAAI,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,uDAAuD;oBACrI,QAAQ,EAAE,MAAM;oBAChB,cAAc,EACZ,oDAAoD;iBACvD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,gBAAgB,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QACzE,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;QAC5G,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,IAAI,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,mBAAmB;oBACzB,WAAW,EAAE,YAAY,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,4BAA4B,OAAO,kEAAkE;oBAC7J,QAAQ,EAAE,MAAM;oBAChB,cAAc,EACZ,iFAAiF;iBACpF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,aAAqB,EACrB,YAAoB;IAEpB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,2BAAa,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EACH,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG;wBACnB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK;wBACpC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;oBACd,cAAc,EAAE,qBAAqB,CAAC,OAAO,CAAC,IAAI,CAAC;iBACpD,CAAC,CAAC;gBACH,MAAM,CAAC,iCAAiC;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,IAAI,KAAK,GAAG,IAAI;QAAE,OAAO,GAAG,KAAK,IAAI,CAAC;IACtC,IAAI,KAAK,GAAG,IAAI,GAAG,IAAI;QAAE,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IAClE,OAAO,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;AACpD,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,MAAM,GAAG,GAA2B;QAClC,kBAAkB,EAChB,qGAAqG;QACvG,iBAAiB,EACf,oGAAoG;QACtG,mBAAmB,EACjB,0GAA0G;QAC5G,oBAAoB,EAClB,gHAAgH;QAClH,qBAAqB,EACnB,mGAAmG;QACrG,iBAAiB,EACf,yFAAyF;KAC5F,CAAC;IACF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,qDAAqD,CAAC;AAC5E,CAAC"}

package/dist/index.d.ts

@@ -19,5 +19,13 @@ export { scanGitSecurity } from "./git-scanner.js";
 export { analyzeEntropy, shannonEntropy } from "./entropy.js";
 export { scanCargoFiles } from "./cargo-scanner.js";
 export { scanGoFiles } from "./go-scanner.js";
+export { checkIOCBlocklist, checkBadVersion } from "./ioc-blocklist.js";
+export { analyzeGitHubTrust, parseGitHubUrl, scanReadmeLures } from "./github-trust-scanner.js";
+export { analyzeInstallHooks } from "./install-hook-scanner.js";
+export { analyzeDependencyRisks, levenshtein } from "./dependency-risk-analyzer.js";
+export { analyzePublishingAnomalies } from "./publishing-anomaly-detector.js";
+export { scanReleaseArtifacts } from "./release-scanner.js";
+export { correlateFindings } from "./correlation-engine.js";
+export { calculateTrustBreakdown } from "./trust-breakdown.js";
 export type { Finding, ScanReport, ScanOptions, ScanSummary, Severity, NpmPackageInfo, SolanaMonitorOptions, SolanaTransaction, PatternEntry, WatchlistEntry, WatchlistConfig, WatchlistAlert, } from "./types.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EACL,aAAa,EACb,WAAW,EACX,WAAW,EACX,aAAa,EACb,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,YAAY,EACV,OAAO,EACP,UAAU,EACV,WAAW,EACX,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,eAAe,EACf,cAAc,GACf,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EACL,aAAa,EACb,WAAW,EACX,WAAW,EACX,aAAa,EACb,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,YAAY,EACV,OAAO,EACP,UAAU,EACV,WAAW,EACX,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,eAAe,EACf,cAAc,GACf,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -6,7 +6,7 @@
  * Detects GlassWorm and similar malware campaigns.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.scanGoFiles = exports.scanCargoFiles = exports.shannonEntropy = exports.analyzeEntropy = exports.scanGitSecurity = exports.scanConfigFile = exports.scanConfigFiles = exports.scanDockerFile = exports.scanDockerFiles = exports.scanGitHubActionsWorkflows = exports.checkLockfile = exports.formatReport = exports.monitorWatchlist = exports.listWatchlist = exports.removeFromWatchlist = exports.addToWatchlist = exports.saveWatchlist = exports.loadWatchlist = exports.formatAlert = exports.checkWallet = exports.monitorWallet = exports.scanDependencyConfusion = exports.scanVscodeExtension = exports.scanPypiPackage = exports.scanNpmPackage = exports.scan = void 0;
+exports.calculateTrustBreakdown = exports.correlateFindings = exports.scanReleaseArtifacts = exports.analyzePublishingAnomalies = exports.levenshtein = exports.analyzeDependencyRisks = exports.analyzeInstallHooks = exports.scanReadmeLures = exports.parseGitHubUrl = exports.analyzeGitHubTrust = exports.checkBadVersion = exports.checkIOCBlocklist = exports.scanGoFiles = exports.scanCargoFiles = exports.shannonEntropy = exports.analyzeEntropy = exports.scanGitSecurity = exports.scanConfigFile = exports.scanConfigFiles = exports.scanDockerFile = exports.scanDockerFiles = exports.scanGitHubActionsWorkflows = exports.checkLockfile = exports.formatReport = exports.monitorWatchlist = exports.listWatchlist = exports.removeFromWatchlist = exports.addToWatchlist = exports.saveWatchlist = exports.loadWatchlist = exports.formatAlert = exports.checkWallet = exports.monitorWallet = exports.scanDependencyConfusion = exports.scanVscodeExtension = exports.scanPypiPackage = exports.scanNpmPackage = exports.scan = void 0;
 var scanner_js_1 = require("./scanner.js");
 Object.defineProperty(exports, "scan", { enumerable: true, get: function () { return scanner_js_1.scan; } });
 var npm_scanner_js_1 = require("./npm-scanner.js");
@@ -48,4 +48,24 @@ var cargo_scanner_js_1 = require("./cargo-scanner.js");
 Object.defineProperty(exports, "scanCargoFiles", { enumerable: true, get: function () { return cargo_scanner_js_1.scanCargoFiles; } });
 var go_scanner_js_1 = require("./go-scanner.js");
 Object.defineProperty(exports, "scanGoFiles", { enumerable: true, get: function () { return go_scanner_js_1.scanGoFiles; } });
+var ioc_blocklist_js_1 = require("./ioc-blocklist.js");
+Object.defineProperty(exports, "checkIOCBlocklist", { enumerable: true, get: function () { return ioc_blocklist_js_1.checkIOCBlocklist; } });
+Object.defineProperty(exports, "checkBadVersion", { enumerable: true, get: function () { return ioc_blocklist_js_1.checkBadVersion; } });
+var github_trust_scanner_js_1 = require("./github-trust-scanner.js");
+Object.defineProperty(exports, "analyzeGitHubTrust", { enumerable: true, get: function () { return github_trust_scanner_js_1.analyzeGitHubTrust; } });
+Object.defineProperty(exports, "parseGitHubUrl", { enumerable: true, get: function () { return github_trust_scanner_js_1.parseGitHubUrl; } });
+Object.defineProperty(exports, "scanReadmeLures", { enumerable: true, get: function () { return github_trust_scanner_js_1.scanReadmeLures; } });
+var install_hook_scanner_js_1 = require("./install-hook-scanner.js");
+Object.defineProperty(exports, "analyzeInstallHooks", { enumerable: true, get: function () { return install_hook_scanner_js_1.analyzeInstallHooks; } });
+var dependency_risk_analyzer_js_1 = require("./dependency-risk-analyzer.js");
+Object.defineProperty(exports, "analyzeDependencyRisks", { enumerable: true, get: function () { return dependency_risk_analyzer_js_1.analyzeDependencyRisks; } });
+Object.defineProperty(exports, "levenshtein", { enumerable: true, get: function () { return dependency_risk_analyzer_js_1.levenshtein; } });
+var publishing_anomaly_detector_js_1 = require("./publishing-anomaly-detector.js");
+Object.defineProperty(exports, "analyzePublishingAnomalies", { enumerable: true, get: function () { return publishing_anomaly_detector_js_1.analyzePublishingAnomalies; } });
+var release_scanner_js_1 = require("./release-scanner.js");
+Object.defineProperty(exports, "scanReleaseArtifacts", { enumerable: true, get: function () { return release_scanner_js_1.scanReleaseArtifacts; } });
+var correlation_engine_js_1 = require("./correlation-engine.js");
+Object.defineProperty(exports, "correlateFindings", { enumerable: true, get: function () { return correlation_engine_js_1.correlateFindings; } });
+var trust_breakdown_js_1 = require("./trust-breakdown.js");
+Object.defineProperty(exports, "calculateTrustBreakdown", { enumerable: true, get: function () { return trust_breakdown_js_1.calculateTrustBreakdown; } });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,2CAAoC;AAA3B,kGAAA,IAAI,OAAA;AACb,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,yDAA0D;AAAjD,wHAAA,mBAAmB,OAAA;AAC5B,qEAAoE;AAA3D,kIAAA,uBAAuB,OAAA;AAChC,yDAU6B;AAT3B,kHAAA,aAAa,OAAA;AACb,gHAAA,WAAW,OAAA;AACX,gHAAA,WAAW,OAAA;AACX,kHAAA,aAAa,OAAA;AACb,kHAAA,aAAa,OAAA;AACb,mHAAA,cAAc,OAAA;AACd,wHAAA,mBAAmB,OAAA;AACnB,kHAAA,aAAa,OAAA;AACb,qHAAA,gBAAgB,OAAA;AAElB,6CAA6C;AAApC,2GAAA,YAAY,OAAA;AACrB,6DAAsD;AAA7C,oHAAA,aAAa,OAAA;AACtB,yEAAyE;AAAhE,uIAAA,0BAA0B,OAAA;AACnC,iEAA0E;AAAjE,wHAAA,eAAe,OAAA;AAAE,uHAAA,cAAc,OAAA;AACxC,yDAAsE;AAA7D,oHAAA,eAAe,OAAA;AAAE,mHAAA,cAAc,OAAA;AACxC,mDAAmD;AAA1C,iHAAA,eAAe,OAAA;AACxB,2CAA8D;AAArD,4GAAA,cAAc,OAAA;AAAE,4GAAA,cAAc,OAAA;AACvC,uDAAoD;AAA3C,kHAAA,cAAc,OAAA;AACvB,iDAA8C;AAArC,4GAAA,WAAW,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,2CAAoC;AAA3B,kGAAA,IAAI,OAAA;AACb,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,yDAA0D;AAAjD,wHAAA,mBAAmB,OAAA;AAC5B,qEAAoE;AAA3D,kIAAA,uBAAuB,OAAA;AAChC,yDAU6B;AAT3B,kHAAA,aAAa,OAAA;AACb,gHAAA,WAAW,OAAA;AACX,gHAAA,WAAW,OAAA;AACX,kHAAA,aAAa,OAAA;AACb,kHAAA,aAAa,OAAA;AACb,mHAAA,cAAc,OAAA;AACd,wHAAA,mBAAmB,OAAA;AACnB,kHAAA,aAAa,OAAA;AACb,qHAAA,gBAAgB,OAAA;AAElB,6CAA6C;AAApC,2GAAA,YAAY,OAAA;AACrB,6DAAsD;AAA7C,oHAAA,aAAa,OAAA;AACtB,yEAAyE;AAAhE,uIAAA,0BAA0B,OAAA;AACnC,iEAA0E;AAAjE,wHAAA,eAAe,OAAA;AAAE,uHAAA,cAAc,OAAA;AACxC,yDAAsE;AAA7D,oHAAA,eAAe,OAAA;AAAE,mHAAA,cAAc,OAAA;AACxC,mDAAmD;AAA1C,iHAAA,eAAe,OAAA;AACxB,2CAA8D;AAArD,4GAAA,cAAc,OAAA;AAAE,4GAAA,cAAc,OAAA;AACvC,uDAAoD;AAA3C,kHAAA,cAAc,OAAA;AACvB,iDAA8C;AAArC,4GAAA,WAAW,OAAA;AACpB,uDAAwE;AAA/D,qHAAA,iBAAiB,OAAA;AAAE,mHAAA,eAAe,OAAA;AAC3C,qEAAgG;AAAvF,6HAAA,kBAAkB,OAAA;AAAE,yHAAA,cAAc,OAAA;AAAE,0HAAA,eAAe,OAAA;AAC5D,qEAAgE;AAAvD,8HAAA,mBAAmB,OAAA;AAC5B,6EAAoF;AAA3E,qIAAA,sBAAsB,OAAA;AAAE,0HAAA,WAAW,OAAA;AAC5C,mFAA8E;AAArE,4IAAA,0BAA0B,OAAA;AACnC,2DAA4D;AAAnD,0HAAA,oBAAoB,OAAA;AAC7B,iEAA4D;AAAnD,0HAAA,iBAAiB,OAAA;AAC1B,2DAA+D;AAAtD,6HAAA,uBAAuB,OAAA"}

package/dist/install-hook-scanner.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Install hook deep analysis scanner (v4.2).
+ *
+ * Goes beyond basic SUSPICIOUS_SCRIPTS patterns to detect sophisticated
+ * install-time attacks: secret harvesting, download-exec chains,
+ * obfuscated one-liners, and embedded binary blobs.
+ */
+import type { Finding } from "./types.js";
+interface InstallScripts {
+    preinstall?: string;
+    postinstall?: string;
+    install?: string;
+    preuninstall?: string;
+    postuninstall?: string;
+    prepare?: string;
+}
+/**
+ * Deep-analyze install hook scripts from package.json.
+ */
+export declare function analyzeInstallHooks(scripts: InstallScripts, relativePath: string): Finding[];
+/**
+ * Extract install scripts from parsed package.json content.
+ */
+export declare function extractInstallScripts(content: string): InstallScripts | null;
+export {};
+//# sourceMappingURL=install-hook-scanner.d.ts.map

package/dist/install-hook-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"install-hook-scanner.d.ts","sourceRoot":"","sources":["../src/install-hook-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1C,UAAU,cAAc;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,cAAc,EACvB,YAAY,EAAE,MAAM,GACnB,OAAO,EAAE,CA8HX;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,GACd,cAAc,GAAG,IAAI,CAevB"}

package/dist/install-hook-scanner.js

@@ -0,0 +1,157 @@
+"use strict";
+/**
+ * Install hook deep analysis scanner (v4.2).
+ *
+ * Goes beyond basic SUSPICIOUS_SCRIPTS patterns to detect sophisticated
+ * install-time attacks: secret harvesting, download-exec chains,
+ * obfuscated one-liners, and embedded binary blobs.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzeInstallHooks = analyzeInstallHooks;
+exports.extractInstallScripts = extractInstallScripts;
+/**
+ * Deep-analyze install hook scripts from package.json.
+ */
+function analyzeInstallHooks(scripts, relativePath) {
+    const findings = [];
+    const hookNames = [
+        "preinstall", "postinstall", "install", "preuninstall", "postuninstall", "prepare",
+    ];
+    for (const hook of hookNames) {
+        const script = scripts[hook];
+        if (!script)
+            continue;
+        // Network access in install scripts
+        if (/(?:fetch|https?\.(?:get|request|post)|axios|got|node-fetch|urllib|curl|wget)\b/i.test(script)) {
+            findings.push({
+                rule: "INSTALL_HOOK_NETWORK",
+                description: `${hook} script makes network requests. Install scripts should not access the network.`,
+                severity: "critical",
+                file: relativePath,
+                match: truncate(`${hook}: ${script}`),
+                confidence: 0.9,
+                category: "supply-chain",
+                recommendation: "Remove network calls from install scripts. Use explicit build steps instead.",
+            });
+        }
+        // Download + execute chain
+        if (/(?:curl|wget|fetch).*(?:chmod\s+\+x|exec|spawn|child_process|\.\/|bash|sh\s|node\s)/i.test(script) ||
+            /(?:exec|spawn).*(?:curl|wget|fetch)/i.test(script)) {
+            findings.push({
+                rule: "INSTALL_HOOK_DOWNLOAD_EXEC",
+                description: `${hook} script downloads and executes code. This is the #1 supply-chain attack vector.`,
+                severity: "critical",
+                file: relativePath,
+                match: truncate(`${hook}: ${script}`),
+                confidence: 0.95,
+                category: "malware",
+                recommendation: "Never download and execute code during npm install. This is almost certainly malicious.",
+            });
+        }
+        // Environment variable harvesting (secrets)
+        if (/process\.env\.(?:AWS|GITHUB|NPM|GH_|AZURE|GCP|DOCKER|CI|TRAVIS|CIRCLE|JENKINS|SECRET|TOKEN|KEY|PASSWORD|CREDENTIAL)/i.test(script)) {
+            findings.push({
+                rule: "INSTALL_HOOK_ENV_HARVEST",
+                description: `${hook} script accesses sensitive environment variables (secrets, tokens, keys).`,
+                severity: "critical",
+                file: relativePath,
+                match: truncate(`${hook}: ${script}`),
+                confidence: 0.85,
+                category: "supply-chain",
+                recommendation: "Install scripts should never read CI/CD secrets or API tokens.",
+            });
+        }
+        // .npmrc / credential file access
+        if (/\.npmrc|npm_config_|_authToken|\.ssh[/\\]|id_rsa|id_ed25519|\.gnupg|\.aws\/credentials/i.test(script)) {
+            findings.push({
+                rule: "INSTALL_HOOK_NPMRC_READ",
+                description: `${hook} script accesses credential files (.npmrc, SSH keys, AWS credentials).`,
+                severity: "critical",
+                file: relativePath,
+                match: truncate(`${hook}: ${script}`),
+                confidence: 0.9,
+                category: "malware",
+                recommendation: "Install scripts must not read credential files. This is credential theft.",
+            });
+        }
+        // .env file access
+        if (/\.env\b|dotenv|require\s*\(\s*['"]dotenv/i.test(script)) {
+            findings.push({
+                rule: "INSTALL_HOOK_DOTENV_READ",
+                description: `${hook} script reads .env files. Environment files contain secrets.`,
+                severity: "high",
+                file: relativePath,
+                match: truncate(`${hook}: ${script}`),
+                confidence: 0.7,
+                category: "supply-chain",
+                recommendation: "Install scripts should not load .env files.",
+            });
+        }
+        // Obfuscated script content
+        if (/(?:atob|btoa|Buffer\.from|decodeURIComponent|unescape|String\.fromCharCode)\s*\(/i.test(script)) {
+            findings.push({
+                rule: "INSTALL_HOOK_OBFUSCATED",
+                description: `${hook} script contains encoding/decoding operations. Obfuscated install scripts are a strong malware indicator.`,
+                severity: "high",
+                file: relativePath,
+                match: truncate(`${hook}: ${script}`),
+                confidence: 0.8,
+                category: "malware",
+                recommendation: "Decode the obfuscated content and inspect it before running npm install.",
+            });
+        }
+        // Long one-liner (> 500 chars)
+        if (script.length > 500 && !script.includes("\n")) {
+            findings.push({
+                rule: "INSTALL_HOOK_LONG_ONELINER",
+                description: `${hook} script is a ${script.length}-character one-liner. Long single-line scripts are often obfuscated malware.`,
+                severity: "medium",
+                file: relativePath,
+                match: truncate(`${hook}: ${script}`),
+                confidence: 0.6,
+                category: "supply-chain",
+                recommendation: "Review this script carefully. Legitimate build scripts are rarely this long on one line.",
+            });
+        }
+        // Embedded binary blob (base64 > 1KB)
+        const b64Match = script.match(/[A-Za-z0-9+/=]{1000,}/);
+        if (b64Match) {
+            findings.push({
+                rule: "INSTALL_HOOK_BINARY_BLOB",
+                description: `${hook} script contains an embedded binary blob (${b64Match[0].length} chars). Likely an encoded executable payload.`,
+                severity: "high",
+                file: relativePath,
+                match: truncate(`${hook}: ${b64Match[0].substring(0, 60)}...`),
+                confidence: 0.85,
+                category: "malware",
+                recommendation: "Decode this base64 blob and inspect it. Embedded payloads in install scripts are malware.",
+            });
+        }
+    }
+    return findings;
+}
+/**
+ * Extract install scripts from parsed package.json content.
+ */
+function extractInstallScripts(content) {
+    try {
+        const pkg = JSON.parse(content);
+        if (!pkg.scripts)
+            return null;
+        return {
+            preinstall: pkg.scripts.preinstall,
+            postinstall: pkg.scripts.postinstall,
+            install: pkg.scripts.install,
+            preuninstall: pkg.scripts.preuninstall,
+            postuninstall: pkg.scripts.postuninstall,
+            prepare: pkg.scripts.prepare,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+function truncate(s, max = 120) {
+    return s.length > max ? s.substring(0, max) + "..." : s;
+}
+//# sourceMappingURL=install-hook-scanner.js.map

package/dist/install-hook-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"install-hook-scanner.js","sourceRoot":"","sources":["../src/install-hook-scanner.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAgBH,kDAiIC;AAKD,sDAiBC;AA1JD;;GAEG;AACH,SAAgB,mBAAmB,CACjC,OAAuB,EACvB,YAAoB;IAEpB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,SAAS,GAA6B;QAC1C,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,SAAS;KACnF,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,oCAAoC;QACpC,IAAI,iFAAiF,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACnG,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,sBAAsB;gBAC5B,WAAW,EAAE,GAAG,IAAI,gFAAgF;gBACpG,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC;gBACrC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,cAAc;gBACxB,cAAc,EAAE,8EAA8E;aAC/F,CAAC,CAAC;QACL,CAAC;QAED,2BAA2B;QAC3B,IAAI,sFAAsF,CAAC,IAAI,CAAC,MAAM,CAAC;YACnG,sCAAsC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACxD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,4BAA4B;gBAClC,WAAW,EAAE,GAAG,IAAI,iFAAiF;gBACrG,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC;gBACrC,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,SAAS;gBACnB,cAAc,EAAE,yFAAyF;aAC1G,CAAC,CAAC;QACL,CAAC;QAED,4CAA4C;QAC5C,IAAI,sHAAsH,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACxI,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,0BAA0B;gBAChC,WAAW,EAAE,GAAG,IAAI,2EAA2E;gBAC/F,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC;gBACrC,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,cAAc;gBACxB,cAAc,EAAE,gEAAgE;aACjF,CAAC,CAAC;QACL,CAAC;QAED,kCAAkC;QAClC,IAAI,yFAAyF,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3G,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,yBAAyB;gBAC/B,WAAW,EAAE,GAAG,IAAI,wEAAwE;gBAC5F,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC;gBACrC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,SAAS;gBACnB,cAAc,EAAE,2EAA2E;aAC5F,CAAC,CAAC;QACL,CAAC;QAED,mBAAmB;QACnB,IAAI,2CAA2C,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,0BAA0B;gBAChC,WAAW,EAAE,GAAG,IAAI,8DAA8D;gBAClF,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC;gBACrC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,cAAc;gBACxB,cAAc,EAAE,6CAA6C;aAC9D,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,IAAI,mFAAmF,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACrG,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,yBAAyB;gBAC/B,WAAW,EAAE,GAAG,IAAI,2GAA2G;gBAC/H,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC;gBACrC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,SAAS;gBACnB,cAAc,EAAE,0EAA0E;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,4BAA4B;gBAClC,WAAW,EAAE,GAAG,IAAI,gBAAgB,MAAM,CAAC,MAAM,8EAA8E;gBAC/H,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC;gBACrC,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE,cAAc;gBACxB,cAAc,EAAE,0FAA0F;aAC3G,CAAC,CAAC;QACL,CAAC;QAED,sCAAsC;QACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvD,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,0BAA0B;gBAChC,WAAW,EAAE,GAAG,IAAI,6CAA6C,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,gDAAgD;gBACnI,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC;gBAC9D,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,SAAS;gBACnB,cAAc,EAAE,2FAA2F;aAC5G,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAyC,CAAC;QACxE,IAAI,CAAC,GAAG,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAC9B,OAAO;YACL,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;YAClC,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,WAAW;YACpC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY;YACtC,aAAa,EAAE,GAAG,CAAC,OAAO,CAAC,aAAa;YACxC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;SAC7B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAG,GAAG,GAAG;IACpC,OAAO,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC"}

package/dist/ioc-blocklist.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Known Indicators of Compromise (IOC) blocklist.
+ *
+ * Contains known malicious domains, IPs, hashes, GitHub accounts,
+ * and compromised package versions. Updated as new threats emerge.
+ */
+export declare const KNOWN_C2_DOMAINS: string[];
+export declare const KNOWN_C2_IPS: string[];
+export declare const KNOWN_DEAD_DROPS: string[];
+export declare const KNOWN_MALICIOUS_HASHES: Record<string, string>;
+export declare const KNOWN_MALICIOUS_GITHUB_ACCOUNTS: string[];
+export declare const KNOWN_BAD_NPM_VERSIONS: Record<string, {
+    versions: string[];
+    description: string;
+}>;
+export declare const KNOWN_BAD_PYPI_VERSIONS: Record<string, {
+    versions: string[];
+    description: string;
+}>;
+import type { Finding } from "./types.js";
+/**
+ * Check content against known IOC blocklists.
+ */
+export declare function checkIOCBlocklist(content: string, relativePath: string): Finding[];
+/**
+ * Check a package name + version against the known-bad blocklist.
+ */
+export declare function checkBadVersion(name: string, version: string, ecosystem: "npm" | "pypi"): Finding | null;
+//# sourceMappingURL=ioc-blocklist.d.ts.map

package/dist/ioc-blocklist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ioc-blocklist.d.ts","sourceRoot":"","sources":["../src/ioc-blocklist.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,eAAO,MAAM,gBAAgB,EAAE,MAAM,EAMpC,CAAC;AAMF,eAAO,MAAM,YAAY,EAAE,MAAM,EAIhC,CAAC;AAMF,eAAO,MAAM,gBAAgB,EAAE,MAAM,EAKpC,CAAC;AAMF,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAQzD,CAAC;AAMF,eAAO,MAAM,+BAA+B,EAAE,MAAM,EAInD,CAAC;AAMF,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAiC9F,CAAC;AAMF,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAK/F,CAAC;AAMF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1C;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,OAAO,EAAE,CA8EX;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,KAAK,GAAG,MAAM,GACxB,OAAO,GAAG,IAAI,CAiBhB"}