{
    "name": "worm-sign",
    "version": "4.2.0",
    "description": "A security scanner that detects npm packages compromised by supply chain attacks, including the TanStack wave 4 attack (May 2026), the Axios attack (March 2026), and Shai-Hulud malware.",
    "main": "dist/src/index.js",
    "bin": {
        "worm-sign": "dist/bin/scan.js"
    },
    "scripts": {
        "test": "jest",
        "test:smoke": "ts-node scripts/smoke_test.ts",
        "lint": "eslint src bin tests",
        "format": "prettier --write src bin tests",
        "prebuild": "ts-node scripts/encrypt-signatures.ts",
        "build": "tsc",
        "start": "node dist/bin/scan.js",
        "dev": "ts-node bin/scan.ts",
        "prepare": "husky"
    },
    "keywords": [
        "security",
        "scanner",
        "malware",
        "shai-hulud",
        "worm",
        "vulnerabilities",
        "npm",
        "yarn",
        "pnpm",
        "supply-chain",
        "devsecops",
        "audit",
        "lockfile",
        "integrity",
        "analysis",
        "heuristics",
        "entropy",
        "ci",
        "github-actions"
    ],
    "files": [
        "dist",
        "vuls.csv",
        "sources"
    ],
    "author": "Branislav Lang",
    "license": "MIT",
    "repository": {
        "type": "git",
        "url": "git+https://github.com/BranLang/worm-sign.git"
    },
    "bugs": {
        "url": "https://github.com/BranLang/worm-sign/issues"
    },
    "homepage": "https://github.com/BranLang/worm-sign#readme",
    "dependencies": {
        "@npmcli/arborist": "^9.1.8",
        "@yarnpkg/lockfile": "^1.1.0",
        "boxen": "^8.0.1",
        "chalk": "^5.6.2",
        "cli-table3": "^0.6.5",
        "commander": "^14.0.2",
        "cosmiconfig": "^9.0.0",
        "csv-parse": "^5.5.6",
        "csv-stringify": "^6.6.0",
        "gradient-string": "^3.0.0",
        "js-yaml": "^4.1.1",
        "ora": "^8.1.0"
    },
    "devDependencies": {
        "@eslint/js": "^9.39.1",
        "@types/boxen": "^2.1.0",
        "@types/chalk": "^0.4.31",
        "@types/cosmiconfig": "^5.0.3",
        "@types/gradient-string": "^1.1.6",
        "@types/jest": "^30.0.0",
        "@types/js-yaml": "^4.0.9",
        "@types/node": "^24.10.1",
        "@types/npmcli__arborist": "^6.3.1",
        "@types/ora": "^3.1.0",
        "eslint": "^9.39.1",
        "globals": "^16.5.0",
        "husky": "^9.1.7",
        "jest": "^30.2.0",
        "lint-staged": "^16.2.7",
        "prettier": "^3.7.1",
        "ts-jest": "^29.4.5",
        "ts-node": "^10.9.2",
        "typescript": "^5.9.3",
        "typescript-eslint": "^8.48.0"
    },
    "lint-staged": {
        "*.{ts,js,json,md}": [
            "prettier --write"
        ],
        "*.{ts,js}": [
            "eslint --fix"
        ]
    },
    "overrides": {
        "ip-address": ">=10.1.1"
    }
}