{"_id":"npm-sentinel","_rev":"5-a95981ca8314c3e1dc098fa403e8884a","name":"npm-sentinel","dist-tags":{"latest":"2.1.0"},"versions":{"1.0.0":{"name":"npm-sentinel","version":"1.0.0","keywords":["security","npm","supply-chain","malware","analysis"],"author":{"name":"Godfrey Lebo","email":"emorylebo@gmail.com"},"license":"MIT","_id":"npm-sentinel@1.0.0","maintainers":[{"name":"cruxifixur","email":"emorylebo@gmail.com"}],"bin":{"npm-sentinel":"bin/npm-sentinel.js"},"dist":{"shasum":"31d3cb726378440b963a56c5967f64e774135daf","tarball":"https://registry.npmjs.org/npm-sentinel/-/npm-sentinel-1.0.0.tgz","fileCount":4,"integrity":"sha512-7RO9fOLVQIPSfBuqRIMdkiMDbTXDmQLrGfeL4ED/R/u1KWbF2O2vni8uLj7Z2f40rziIoZ4F6poVOBVtHkmezQ==","signatures":[{"sig":"MEQCIBw2VMsnFa1014MOoPjI9hLuctKhkatICOSKWrQ6UZa5AiB6ycREibKg+P6O4vRKpp2LjdWo7QFPu6WthktFAam8wg==","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":5290},"gitHead":"c6be1eda891602a1e9d036bd7ffacf9dce0a41e6","scripts":{"test":"echo \"Error: no test specified\" && exit 1"},"_npmUser":{"name":"cruxifixur","email":"emorylebo@gmail.com"},"_npmVersion":"10.8.2","description":"A CLI tool to detect supply chain attacks in npm packages by analyzing lifecycle scripts and registry metadata.","directories":{},"_nodeVersion":"18.20.8","dependencies":{"axios":"^1.6.0","chalk":"^4.1.2","commander":"^11.0.0"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/npm-sentinel_1.0.0_1764394989850_0.17050348360717926","host":"s3://npm-registry-packages-npm-production"}},"2.0.0":{"name":"npm-sentinel","version":"2.0.0","keywords":["security","npm","supply-chain","malware","analysis"],"author":{"name":"Godfrey Lebo","email":"emorylebo@gmail.com"},"license":"MIT","_id":"npm-sentinel@2.0.0","maintainers":[{"name":"cruxifixur","email":"emorylebo@gmail.com"}],"bin":{"npm-sentinel":"src/cli.js"},"dist":{"shasum":"1eb6c91deae6c41a9340fc7be56514941029eb95","tarball":"https://registry.npmjs.org/npm-sentinel/-/npm-sentinel-2.0.0.tgz","fileCount":10,"integrity":"sha512-Qs8bxt0R9AAxpEzYslbcOoGCNOq/LxqRq3+b96ke1dYAWVw4kZrRZK411Drtoy8orcllYEoDZ1yfP2bE5kAiqg==","signatures":[{"sig":"MEYCIQDgCUy8gnIoyg3OQTJBmDQ0FuUHK5jL6DHDS3OXsE/wcgIhAO/Qk7uxZh2b3r4Qb1YACq5JS6eFz1XrEwHAj0i6uzqj","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":14479},"gitHead":"85aaa7a951f88be0d3993ebd9ffa753411b466e9","scripts":{"test":"echo \"Error: no test specified\" && exit 1"},"_npmUser":{"name":"cruxifixur","email":"emorylebo@gmail.com"},"_npmVersion":"10.8.2","description":"A CLI tool to detect supply chain attacks in npm packages by analyzing lifecycle scripts and registry metadata.","directories":{},"_nodeVersion":"18.20.8","dependencies":{"axios":"^1.6.0","chalk":"^4.1.2","commander":"^11.0.0"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/npm-sentinel_2.0.0_1764395868119_0.9342693427424613","host":"s3://npm-registry-packages-npm-production"}},"2.0.1":{"name":"npm-sentinel","version":"2.0.1","keywords":["security","npm","supply-chain","malware"],"author":{"name":"Godfrey Lebo","email":"emorylebo@gmail.com"},"license":"MIT","_id":"npm-sentinel@2.0.1","maintainers":[{"name":"cruxifixur","email":"emorylebo@gmail.com"}],"bin":{"npm-sentinel":"dist/cli.js"},"dist":{"shasum":"ca09776a3af2cf4ba7a865ad84ec4728e04b2af5","tarball":"https://registry.npmjs.org/npm-sentinel/-/npm-sentinel-2.0.1.tgz","fileCount":15,"integrity":"sha512-OvDzHD+FejsQa5e2MjXMhs1ug5rls5UAFtBzRUQ75+c6smhwsAhzv6+Gn8CHrND5uOxNV9Zx00gnNaCfCTmCdQ==","signatures":[{"sig":"MEUCIQCG0AcoF1sVo6VTul9T3qITeUeVbyNyj294QpjT6ja9QgIgMFqe0ynyJgVlEROHOVZ0jtdlAGiJz+hlQEeroHz/Zq0=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":25611},"gitHead":"5d07af0efe861b8d5615d47f0aec6e219d1849d7","scripts":{"test":"echo \"Error: no test specified\" && exit 1","build":"rimraf dist && tsc","start":"ts-node src/cli.ts","prepublishOnly":"npm run build"},"_npmUser":{"name":"cruxifixur","email":"emorylebo@gmail.com"},"_npmVersion":"10.8.2","description":"A CLI tool to detect supply chain attacks in npm packages by analyzing lifecycle scripts and registry metadata.","directories":{},"_nodeVersion":"18.20.8","dependencies":{"axios":"^1.6.0","chalk":"^4.1.2","commander":"^11.0.0"},"_hasShrinkwrap":false,"devDependencies":{"rimraf":"^5.0.10","ts-node":"^10.9.2","typescript":"^5.9.3","@types/node":"^24.10.1","@types/fs-extra":"^11.0.4","@types/commander":"^2.12.0"},"_npmOperationalInternal":{"tmp":"tmp/npm-sentinel_2.0.1_1764416896300_0.32749316098603365","host":"s3://npm-registry-packages-npm-production"}},"2.1.0":{"name":"npm-sentinel","version":"2.1.0","keywords":["security","npm","supply-chain","malware"],"author":{"name":"Godfrey Lebo","email":"emorylebo@gmail.com"},"license":"MIT","_id":"npm-sentinel@2.1.0","maintainers":[{"name":"cruxifixur","email":"emorylebo@gmail.com"}],"bin":{"npm-sentinel":"dist/cli.js"},"dist":{"shasum":"f044c70cd28acd153bf0da5d9176714f03d6cec6","tarball":"https://registry.npmjs.org/npm-sentinel/-/npm-sentinel-2.1.0.tgz","fileCount":25,"integrity":"sha512-4cMWN03EbriFnnhDJ7ayOoEVj/9vh4otAi9ZHPZldEROwEDJIjcx21EULdah+ud/Shfpzdx36tKwGGSlxTU9FQ==","signatures":[{"sig":"MEQCIGA3AeKMWtmyAkxFRZbP4/iIfuZMagXsLp3yLLvoGSaPAiBGHIA3ZPjHic/ZfTlxAui4pPTmXgWlb2/n6A0i4ID2OQ==","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":58661},"gitHead":"c4aa4f146c385bda9dc5d3da47b2388374b259f8","scripts":{"test":"jest","build":"rimraf dist && tsc","start":"ts-node src/cli.ts","prepublishOnly":"npm run build"},"_npmUser":{"name":"cruxifixur","email":"emorylebo@gmail.com"},"_npmVersion":"10.8.2","description":"A CLI tool to detect supply chain attacks in npm packages by analyzing lifecycle scripts and registry metadata.","directories":{},"_nodeVersion":"20.19.4","dependencies":{"ora":"^5.4.1","zod":"^3.22.4","axios":"^1.6.0","boxen":"^5.1.2","chalk":"^4.1.2","commander":"^11.0.0","cli-table3":"^0.6.3"},"_hasShrinkwrap":false,"devDependencies":{"jest":"^29.7.0","rimraf":"^5.0.10","ts-jest":"^29.1.1","ts-node":"^10.9.2","typescript":"^5.9.3","@types/jest":"^29.5.10","@types/node":"^24.10.1","@types/boxen":"^3.0.1","@types/fs-extra":"^11.0.4","@types/commander":"^2.12.0"},"_npmOperationalInternal":{"tmp":"tmp/npm-sentinel_2.1.0_1765534752064_0.7995085700918778","host":"s3://npm-registry-packages-npm-production"}}},"time":{"created":"2025-11-29T05:43:09.848Z","modified":"2025-12-21T12:51:36.721Z","1.0.0":"2025-11-29T05:43:10.039Z","2.0.0":"2025-11-29T05:57:48.297Z","2.0.1":"2025-11-29T11:48:16.499Z","2.1.0":"2025-12-12T10:19:12.204Z"},"author":{"name":"Godfrey Lebo","email":"emorylebo@gmail.com"},"license":"MIT","keywords":["security","npm","supply-chain","malware"],"description":"A CLI tool to detect supply chain attacks in npm packages by analyzing lifecycle scripts and registry metadata.","maintainers":[{"email":"emorylebo@gmail.com","name":"godfreylebo"}],"readme":"# npm-sentinel\n\n[![npm version](https://img.shields.io/npm/v/npm-sentinel.svg)](https://www.npmjs.com/package/npm-sentinel)\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n[![Security](https://img.shields.io/badge/security-policy-green.svg)](SECURITY.md)\n\n**npm-sentinel** is an advanced, professional-grade security tool designed to protect your development environment from sophisticated supply chain attacks. By analyzing `package.json` lifecycle scripts, scanning for known malware signatures (like Shai Hulud 2.0), and cross-referencing with the npm registry, it acts as a robust early warning system.\n\n> \"In a world of compromised packages, be the sentinel.\"\n\n## Features\n\n-   **Deep Heuristics**: Detects not just patterns, but **extracts and analyzes Base64 obfuscated payloads** to find hidden threats.\n-   **Malware Signatures**: Specific detection for known threats like **Shai Hulud 2.0** (`setup_bun.js`, `bun_environment.js`).\n-   **Beautiful UI**: Interactive CLI with spinners, clean tables, and color-coded severity reports.\n-   **Robust Validation**: Built with `Zod` schemas to handle malformed packages gracefully.\n-   **Lifecycle Script Analysis**: Scans `preinstall`, `install`, `postinstall` for dangerous commands.\n-   **Registry Metadata Check**: Identifies potential **typosquatting** by alerting on recently created packages (< 7 days old).\n\n## Installation\n\n```bash\nnpm install -g npm-sentinel\n# OR run directly\nnpx npm-sentinel\n```\n\n## Usage\n\n### Basic Scan\nAnalyze the current directory for threats.\n```bash\nnpm-sentinel\n```\n\n### Targeted Scan\nAnalyze a specific package directory.\n```bash\nnpm-sentinel --path /path/to/suspicious-package\n```\n\n### Verbose Mode\nSee detailed logs of what is being checked.\n```bash\nnpm-sentinel --verbose\n```\n\n## How It Works\n\n1.  **Parse**: Reads `package.json` and strict-validates it.\n2.  **Analyze Scripts**: Checks `scripts` for regex patterns (e.g., `curl|bash`, `netcat`) and recursively decodes Base64 strings to find hidden commands.\n3.  **Scan Files**: Checks the directory for known malicious filenames.\n4.  **Verify Registry**: Fetches metadata from npm to warn about suspicious package age or maintenance status.\n5.  **Report**: Displays a beautiful summary table of findings.\n\n## Example Output\n\n<img src=\"https://via.placeholder.com/800x400?text=npm-sentinel+UI+Demo\" alt=\"UI Demo\" width=\"100%\">\n\n```text\n📦 Package: my-app v1.0.0\n📅 Registry: Created 365 days ago\n\n⚠️  Found 1 potential issues:\n┌──────────┬───────────────────┬────────────────────────────────────────────────────────┐\n│ Severity │ Location          │ Description                                            │\n├──────────┼───────────────────┼────────────────────────────────────────────────────────┤\n│ CRITICAL │ scripts.install   │ Obfuscated (Base64) payload detected: \"curl evil.com...\"         │\n└──────────┴───────────────────┴────────────────────────────────────────────────────────┘\n```\n\n## Contributing\n\nWe welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details.\n\n## Security\n\nFor security concerns, please refer to [SECURITY.md](SECURITY.md).\n\n## License\n\nMIT\n\n## Author\n\n**Godfrey Lebo** - [GitHub](https://github.com/emorilebo)\n","readmeFilename":"README.md"}