detect-project-malware

Scans a whole project (JS/TS, Python, shell, Ruby/Go/PHP, Dockerfiles, YAML, package.json, and JS/TS tooling configs) for supply-chain and infostealer patterns — obfuscated JavaScript, `eval(atob())` / `new Function()` loaders, `createRequire` ESM escapes, browser & SSH & cloud credential theft (Chrome Safe Storage, Login Data, AWS keys, GitHub tokens, crypto wallets, PEM blocks), reverse shells and `curl | sh` droppers, persistence via `.bashrc` / `authorized_keys` / crontab / LaunchAgents, network exfiltration channels (Telegram bots, Discord/Slack webhooks, ngrok/transfer.sh), crypto miners, and suspicious `package.json` install hooks. Use when the user mentions suspicious config changes, unexplained build hangs, keychain/password prompts during `npm run dev` / `npm run build`, recent commits from unknown contributors, incident response, supply-chain attack, malware, infostealer, or when auditing a repo after a `git pull`.