
feat(security): block known malware (OSV MAL-*) and detect typosquatting #23

Merged

ProduktEntdecker merged 2 commits into main from claude/patchpilot-fraud-protection-zrjp3c on Jun 11, 2026

Conversation

@ProduktEntdecker (Owner) commented Jun 11, 2026

Two fraud-protection improvements: a fix for a severity-mapping gap that let known malware through, and a new offline typosquatting check.

1. Known malware (MAL-*) was silently allowed — fixed

The OSV database includes the OpenSSF malicious-packages catalog (MAL-* ids), but these advisories usually carry no CVSS score. The severity chain collapsed them to UNKNOWN → NONE → allow, with the message "Vulnerabilities found, but none are above LOW severity".

  • src/osv.ts: any advisory with a MAL- prefixed id or alias is treated as CRITICAL (checked on the raw OSV entry, before chooseId() resolves CVE aliases)
  • src/index.ts: UNKNOWN severity no longer collapses to NONE
  • src/decision.ts: UNKNOWN severity triggers ask instead of allow

Net effect: known malware → deny; unscored advisories → ask; everything else unchanged.

2. Typosquatting detection (new)

Typosquatting (lodahs, reqeusts, crossenv) is the most common package fraud vector and had no direct detection.

  • src/typosquat.ts: bounded Damerau-Levenshtein comparison against an embedded curated list of popular npm/PyPI packages (src/data/popular-packages.ts). Transpositions count as 1 edit — plain Levenshtein would miss lodahs.
  • Thresholds: 1 edit for names ≥ 4 chars, 2 edits only for names ≥ 8 chars (avoids short-name false positives like vue/vie)
  • PyPI names are PEP 503-normalized before comparison; exact matches with popular packages are never flagged
  • Near-misses raise a HIGH supply chain signal → decision escalates to ask with a Did you mean "lodash"? hint
  • Runs fully offline: no extra latency, no new failure mode

Tests

  • MAL-* advisories (id and alias variants) → CRITICAL; unscored non-MAL advisories stay UNKNOWN
  • New src/decision.test.ts (UNKNOWN → ask, severity precedence, signal merging)
  • New src/typosquat.test.ts (15 tests: transpositions, omissions, scoped packages, PEP 503, short-name guards, homebrew skip)
  • All 137 tests pass, tsc --noEmit clean

Closes Linear issues PRO-373 and PRO-374.

https://claude.ai/code/session_01QTEvxicjPZXdx2hvmvnmzH

Summary by CodeRabbit

  • Bug Fixes

    • UNKNOWN severity is no longer silently allowed; it now leads to an "ask" decision with a matching reason.
  • New Features

    • Malware advisories (MAL-*) are classified as critical.
    • Offline typosquat detection added; detected hits generate supply-chain signals.
    • Popular package lists for npm and PyPI were added.
  • Tests

    • New tests for decision logic, OSV malware mapping and the typosquat/distance functions.

…te UNKNOWN severity to ask

OSV malware advisories (OpenSSF malicious-packages, MAL-* ids) usually
carry no CVSS score. The severity chain collapsed them to UNKNOWN ->
NONE -> allow, so packages known to be malware were installed with a
reassuring "none are above LOW severity" message.

- osv.ts: any advisory with a MAL- prefixed id or alias is CRITICAL
- index.ts: UNKNOWN no longer maps to NONE
- decision.ts: UNKNOWN severity triggers ask instead of allow

Fixes PRO-373.

https://claude.ai/code/session_01QTEvxicjPZXdx2hvmvnmzH
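An added example, not the project's osv.ts/decision.ts, modelling the severity chain that the PR description and this commit message describe, with the pre-fix collapse (UNKNOWN → NONE → allow) beside the fixed path. The type names and the OSV field subset are assumptions; CVSS parsing is left out so the unscored case is the one shown.

```typescript
// Severity and decision vocabularies as the PR describes them (assumed names).
type Severity = "CRITICAL" | "HIGH" | "MODERATE" | "LOW" | "NONE" | "UNKNOWN";
type Decision = "deny" | "ask" | "allow";

// Subset of an OSV advisory's fields (assumed shape, not the project's type).
interface OsvEntry {
  id: string;
  aliases?: string[];
  database_specific?: { severity?: string };
}

// MAL-* ids come from the OpenSSF malicious-packages catalog. Checked on the
// raw entry, id and aliases alike, before alias resolution can swap the id
// for a CVE and hide the MAL- prefix.
function isMalwareAdvisory(e: OsvEntry): boolean {
  return [e.id, ...(e.aliases ?? [])].some((x) => x.startsWith("MAL-"));
}

// Severity from the advisory's own data. CVSS parsing is omitted here; an
// advisory with no usable severity is UNKNOWN, which is the usual MAL-* case.
function baseSeverity(e: OsvEntry): Severity {
  const s = e.database_specific?.severity?.toUpperCase();
  if (s === "CRITICAL" || s === "HIGH" || s === "MODERATE" || s === "LOW") return s;
  return "UNKNOWN";
}

// Decision engine after the fix: CRITICAL/HIGH deny, MODERATE/UNKNOWN ask.
function decide(sev: Severity): Decision {
  if (sev === "CRITICAL" || sev === "HIGH") return "deny";
  if (sev === "MODERATE" || sev === "UNKNOWN") return "ask";
  return "allow";
}

// Before the fix: no MAL- check, and index.ts collapsed UNKNOWN to NONE, so
// the decision engine never saw UNKNOWN and unscored malware fell through to allow.
function decideBefore(e: OsvEntry): Decision {
  const sev = baseSeverity(e);
  return decide(sev === "UNKNOWN" ? "NONE" : sev);
}

// After the fix: MAL-* is CRITICAL regardless of score; UNKNOWN stays UNKNOWN.
function decideAfter(e: OsvEntry): Decision {
  return decide(isMalwareAdvisory(e) ? "CRITICAL" : baseSeverity(e));
}

// Constructed advisories (placeholder ids): malware reachable only through an
// alias, and an ordinary advisory with no score at all.
const malwareViaAlias: OsvEntry = { id: "GHSA-0000-0000-0000", aliases: ["MAL-0000-0000"] };
const unscored: OsvEntry = { id: "GHSA-1111-1111-1111" };
```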
coderabbitai (Bot) commented Jun 11, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 42345773-bf58-4943-9c1e-0044503937d2

📥 Commits

Reviewing files that changed from the base of the PR and between d369028 and 9deb89f.

📒 Files selected for processing (5)
  • src/data/popular-packages.ts
  • src/index.ts
  • src/registry.ts
  • src/typosquat.test.ts
  • src/typosquat.ts

Walkthrough

The PR adds consistent handling of UNKNOWN severity: OSV data is correctly distinguished as UNKNOWN (instead of NONE), malware advisories are recognized as CRITICAL, and the decision logic treats UNKNOWN as a case requiring approval instead of auto-allow. In addition, an offline typosquat detection is introduced whose signals feed into the decision aggregation.

Changes

UNKNOWN severity classification and decision flow

Layer / File(s) Summary
OSV severity extraction and malware detection
src/index.ts, src/osv.ts, src/osv.test.ts
mapSeverity distinguishes OSV UNKNOWN from NONE. New helper isMalwareAdvisory recognizes MAL- advisories (in id or aliases) as CRITICAL, regardless of other severity data. Tests verify the MAL- case handling.
Decision logic and reason generation for UNKNOWN
src/decision.ts, src/decision.test.ts
The Vulnerability type now includes UNKNOWN severity. makeDecision treats UNKNOWN like MODERATE: it leads to an ask decision. The reason text incorporates the UNKNOWN count. Tests check UNKNOWN behaviour in isolation and together with supply-chain signals.
Offline typosquat detector and popular lists
src/typosquat.ts, src/data/popular-packages.ts, src/registry.ts
New boundedEditDistance and checkTyposquat functions; curated POPULAR_NPM_PACKAGES and POPULAR_PYPI_PACKAGES sets; SupplyChainSignal.type extended with 'typosquat'. Typosquat detection normalizes PyPI names per PEP 503 and aborts early once the distance bound is exceeded.
Typosquat wiring and aggregation
src/index.ts
checkTyposquat is imported and called during signal collection over checkablePackages; typosquat signals found are added to allSignals.
Typosquat tests
src/typosquat.test.ts
Extensive tests for boundedEditDistance and checkTyposquat in npm/pypi/homebrew contexts; they cover transpositions, scoping, PEP 503 normalization and skip rules.

Sequence Diagrams

sequenceDiagram
    participant API as OSV API
    participant Extract as coerceSeverity
    participant Map as mapSeverity
    participant Typos as checkTyposquat
    participant Decide as makeDecision

    API->>Extract: Advisory (id, aliases, cvss, database_specific)
    Extract->>Extract: Check MAL- prefix
    alt MAL-* detected
        Extract->>Extract: Return CRITICAL
    else No MAL-
        Extract->>Extract: CVSS → severity
        Extract->>Extract: Or database_specific.severity
        Extract->>Extract: Or UNKNOWN
    end
    Extract->>Map: OSV severity
    Map->>Map: UNKNOWN → UNKNOWN (not NONE)
    Typos->>Map: (offline) check popular lists → possible 'typosquat' signal
    Map->>Decide: Decision engine severity + signals
    Decide->>Decide: CRITICAL/HIGH → deny
    Decide->>Decide: MODERATE/UNKNOWN → ask
    Decide->>Decide: LOW → allow

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 38.46% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title refers to the actual main changes: blocking known malware (OSV MAL-*) and typosquat detection.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.


@ProduktEntdecker ProduktEntdecker marked this pull request as ready for review June 11, 2026 15:30
Typosquatting is the most common package fraud vector and had no direct
detection. New offline check compares installed package names against an
embedded curated list of popular npm/PyPI packages using bounded
Damerau-Levenshtein distance (transpositions like 'lodahs' count as one
edit). Near-misses raise a HIGH supply chain signal, escalating the
decision to ask with a 'Did you mean ...?' hint.

- distance 1 for names >= 4 chars, distance 2 only for >= 8 chars
  (keeps short names from false-positiving)
- PyPI names are PEP 503-normalized before comparison
- exact matches with popular packages are never flagged
- runs fully offline: no extra latency, no new failure mode

Implements PRO-374.

https://claude.ai/code/session_01QTEvxicjPZXdx2hvmvnmzH
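An added example, not the project's src/typosquat.ts, implementing the bounded Damerau-Levenshtein check with the thresholds and PEP 503 normalization described in the PR description and in this commit message. The POPULAR lists are small constructed stand-ins for the project's curated sets, and the signal shape is an assumption.

```typescript
type Registry = "npm" | "pypi";
type TyposquatSignal = { type: "typosquat"; severity: "HIGH"; message: string };
// Constructed stand-ins for the project's curated popular-package lists.
const POPULAR: Record<Registry, Set<string>> = {
  npm: new Set(["lodash", "express", "react", "vue", "chalk", "cross-env"]),
  pypi: new Set(["requests", "numpy", "flask", "django", "pyyaml"]),
};

// Damerau-Levenshtein (optimal string alignment) distance, bounded: returns
// Infinity as soon as a whole row exceeds `max`, so most comparisons stop early.
// An adjacent transposition (lodahs -> lodash) costs 1, unlike plain Levenshtein.
function boundedEditDistance(a: string, b: string, max: number): number {
  if (Math.abs(a.length - b.length) > max) return Infinity;
  let prev2: number[] = [];
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      let d = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d = Math.min(d, prev2[j - 2] + 1); // transposition of two adjacent chars
      }
      cur.push(d);
    }
    if (Math.min(...cur) > max) return Infinity; // later rows cannot get back under max
    prev2 = prev;
    prev = cur;
  }
  return prev[b.length] > max ? Infinity : prev[b.length];
}

// PEP 503: lowercase, runs of '-', '_' and '.' become a single '-'.
function normalize(name: string, registry: Registry): string {
  return registry === "pypi" ? name.toLowerCase().replace(/[-_.]+/g, "-") : name;
}

// Thresholds from the PR: 1 edit from 4 chars, 2 edits from 8 chars, shorter
// names are never compared; an exact popular name is never flagged.
function checkTyposquat(name: string, registry: Registry): TyposquatSignal | null {
  const n = normalize(name, registry);
  if (POPULAR[registry].has(n)) return null;
  const max = n.length >= 8 ? 2 : n.length >= 4 ? 1 : 0;
  if (max === 0) return null;
  for (const popular of POPULAR[registry]) {
    if (boundedEditDistance(n, popular, max) <= max) {
      return { type: "typosquat", severity: "HIGH", message: `Did you mean "${popular}"?` };
    }
  }
  return null;
}
```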
@ProduktEntdecker ProduktEntdecker changed the title fix(security): treat OSV MAL-* malware advisories as CRITICAL, escalate UNKNOWN severity to ask feat(security): block known malware (OSV MAL-*) and detect typosquatting Jun 11, 2026
@ProduktEntdecker ProduktEntdecker merged commit fa6c855 into main Jun 11, 2026
4 checks passed
ProduktEntdecker pushed a commit that referenced this pull request Jun 11, 2026
…nflict

Combined both Limitations additions and brought the supply chain and
decision logic tables up to date with main (MAL-* malware blocking,
UNKNOWN severity ask, typosquat detection from PR #23).

https://claude.ai/code/session_01QTEvxicjPZXdx2hvmvnmzH