@atcrabtree/malware-scanner

Scan npm packages for malware and security vulnerabilities.

Installation

``bash

`Install globally via npm`


npm install -g @atcrabtree/malware-scanner
Or run directly with npx

npx @atcrabtree/malware-scanner scan lodash


Quick Start

`bash

`Authenticate (required for higher rate limits)`


malware-scanner login
Scan a single package

malware-scanner scan lodash
Scan a specific version

malware-scanner scan lodash@4.17.21
Scan multiple packages

malware-scanner batch lodash express react vue


Commands
$3
Authenticate with the malware scanner service via Google or GitHub OAuth.

`bash malware-scanner login malware-scanner login --name "MacBook Pro" # Name this token malware-scanner login --force # Re-authenticate`

`$3`

Sign out and revoke your CLI token.

`bash malware-scanner logout`

`$3`

Display information about your current session.

`bash malware-scanner whoami`

`$3`

Scan a single npm package for malware.

`bash malware-scanner scan

`Options:`


  -v, --version   Specific version to scan

  -f, --format     Output format: console or json (default: console)
Examples:

malware-scanner scan lodash
malware-scanner scan lodash@4.17.21
malware-scanner scan lodash --format json


$3
Scan multiple npm packages concurrently.

`bash malware-scanner batch

`Options:`


  -c, --concurrency    Number of concurrent scans (default: 3)

  -f, --format    Output format: console or json (default: console)

  --fail-fast            Stop on first critical threat
Examples:

malware-scanner batch lodash express react
malware-scanner batch lodash express -c 5
malware-scanner batch lodash express --format json


Exit Codes
| Code | Meaning |
|------|---------|
| 0 | All packages clean |
| 1 | Warnings detected |
| 2 | Critical threats detected |
Rate Limits
| Tier | Scans/Hour |
|------|------------|
| Anonymous | 10 |
| Authenticated | 100 |
| Premium | 1000 |

Authenticate with malware-scanner login to increase your rate limit.

`Configuration`

The CLI stores credentials in ~/.config/malwarescanner/credentials.json.

You can override the API URL with:`bash export MALWARE_SCANNER_API_URL=https://custom-api.example.com`

`Building from Source`

`bash

`Clone the repository`


git clone https://github.com/noderiety/malware-scanner.git
cd malware-scanner/packages/cli-public
Install dependencies

bun install
Build TypeScript

bun run build
Build native binary (current platform)

bun run build:binary
Build for all platforms

bun run build:all

License

MIT

@atcrabtree/malware-scanner

Scan npm packages for malware and security vulnerabilities.

Installation

``bash

`Install globally via npm`


npm install -g @atcrabtree/malware-scanner
Or run directly with npx

npx @atcrabtree/malware-scanner scan lodash


Quick Start

`bash

`Authenticate (required for higher rate limits)`


malware-scanner login
Scan a single package

malware-scanner scan lodash
Scan a specific version

malware-scanner scan lodash@4.17.21
Scan multiple packages

malware-scanner batch lodash express react vue


Commands
$3
Authenticate with the malware scanner service via Google or GitHub OAuth.

`bash malware-scanner login malware-scanner login --name "MacBook Pro" # Name this token malware-scanner login --force # Re-authenticate`

`$3`

Sign out and revoke your CLI token.

`bash malware-scanner logout`

`$3`

Display information about your current session.

`bash malware-scanner whoami`

`$3`

Scan a single npm package for malware.

`bash malware-scanner scan

`Options:`


  -v, --version   Specific version to scan

  -f, --format     Output format: console or json (default: console)
Examples:

malware-scanner scan lodash
malware-scanner scan lodash@4.17.21
malware-scanner scan lodash --format json


$3
Scan multiple npm packages concurrently.

`bash malware-scanner batch

`Options:`


  -c, --concurrency    Number of concurrent scans (default: 3)

  -f, --format    Output format: console or json (default: console)

  --fail-fast            Stop on first critical threat
Examples:

malware-scanner batch lodash express react
malware-scanner batch lodash express -c 5
malware-scanner batch lodash express --format json


Exit Codes
| Code | Meaning |
|------|---------|
| 0 | All packages clean |
| 1 | Warnings detected |
| 2 | Critical threats detected |
Rate Limits
| Tier | Scans/Hour |
|------|------------|
| Anonymous | 10 |
| Authenticated | 100 |
| Premium | 1000 |

Authenticate with malware-scanner login to increase your rate limit.

`Configuration`

The CLI stores credentials in ~/.config/malwarescanner/credentials.json.

You can override the API URL with:`bash export MALWARE_SCANNER_API_URL=https://custom-api.example.com`

`Building from Source`

`bash

`Clone the repository`


git clone https://github.com/noderiety/malware-scanner.git
cd malware-scanner/packages/cli-public
Install dependencies

bun install
Build TypeScript

bun run build
Build native binary (current platform)

bun run build:binary
Build for all platforms

bun run build:all

License

MIT