Hi!
I'm running guarddog against an npm package downloaded locally and I've noticed the output is not deterministic. More specifically, the heuristic npm-obfuscation sometimes triggers, and sometimes not. The tested package is simple-swizzle 0.2.3, affected with malicious code from CVE-2025-59141.
Please notice that the order of --config arguments is different for every run.
Logs:
```
$ guarddog --log-level debug npm scan node_modules1/simple-swizzle
DEBUG: Considering that 'node_modules1/simple-swizzle' is a local directory
DEBUG: Running semgrep rules against directory 'node_modules1/simple-swizzle'
DEBUG: Running semgrep code rules against node_modules1/simple-swizzle
DEBUG: Invoking semgrep with command line: semgrep --config /Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-steganography.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-dll-hijacking.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-obfuscation.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-serialize-environment.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-silent-process-execution.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-exec-base64.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/shady-links.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-install-script.yml --exclude='helm' --exclude='.idea' --exclude='venv' --exclude='test' --exclude='tests' --exclude='.env'
--exclude='dist' --exclude='build' --exclude='semgrep' --exclude='migrations' --exclude='.github' --exclude='.semgrep_logs' --timeout=10 --no-git-ignore --json --quiet --disable-nosem --max-target-bytes=10000000
node_modules1/simple-swizzle
DEBUG: Running yara rules against directory 'node_modules1/simple-swizzle'
DEBUG: No yara rules to run
Found 1 potentially malicious indicators in node_modules1/simple-swizzle
npm-obfuscation: found 1 source code matches
* This package is using a common obfuscation method often used by malware at index.js:6
const _0x112fa8=_0x180f;(function(_0x13c8b9,_0x35f660){const _0x15b386=_0x180f,_0x66ea25=_0x13c8b9();while(!![]){try{const
_0x2cc99e=parseInt(_0x15b386(0x46c))/(-0x1caa+0x61f*0x1+-0x9c*-0x25)*(parseInt(_0x15b386(0x132))/(-0x1d6b+-0x69e+0x24...n![];}};}
$ guarddog --log-level debug npm scan node_modules1/simple-swizzle
DEBUG: Considering that 'node_modules1/simple-swizzle' is a local directory
DEBUG: Running semgrep rules against directory 'node_modules1/simple-swizzle'
DEBUG: Running semgrep code rules against node_modules1/simple-swizzle
DEBUG: Invoking semgrep with command line: semgrep --config /Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/shady-links.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-exec-base64.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-install-script.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-serialize-environment.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-obfuscation.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-steganography.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-dll-hijacking.yml --config
/Users/rafal/code/app/lab/guarddog/venv/lib/python3.13/site-packages/guarddog/analyzer/sourcecode/npm-silent-process-execution.yml --exclude='helm' --exclude='.idea' --exclude='venv' --exclude='test' --exclude='tests' --exclude='.env'
--exclude='dist' --exclude='build' --exclude='semgrep' --exclude='migrations' --exclude='.github' --exclude='.semgrep_logs' --timeout=10 --no-git-ignore --json --quiet --disable-nosem --max-target-bytes=10000000
node_modules1/simple-swizzle
DEBUG: Running yara rules against directory 'node_modules1/simple-swizzle'
DEBUG: No yara rules to run
Found 0 potentially malicious indicators scanning node_modules1/simple-swizzle
```
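A triage helper, added here and not part of guarddog or of this report, that parses several debug sessions like the two above and reports whether the rule order and the indicator count are stable across runs. The embedded logs are constructed, abridged versions of the two sessions (paths shortened, command kept on one line), so a practitioner collecting real logs should first re-join the wrapped command line.

```python
import re
from collections import Counter

# Constructed, abridged copies of the two debug sessions from the issue
# (rule paths shortened; the real runs list nine rule files each).
RUNS = [
    """DEBUG: Invoking semgrep with command line: semgrep --config /rules/npm-steganography.yml --config /rules/npm-obfuscation.yml --config /rules/shady-links.yml --json node_modules1/simple-swizzle
Found 1 potentially malicious indicators in node_modules1/simple-swizzle
npm-obfuscation: found 1 source code matches""",
    """DEBUG: Invoking semgrep with command line: semgrep --config /rules/shady-links.yml --config /rules/npm-obfuscation.yml --config /rules/npm-steganography.yml --json node_modules1/simple-swizzle
Found 0 potentially malicious indicators scanning node_modules1/simple-swizzle""",
]

CONFIG_RE = re.compile(r"--config\s+(\S+)")
# Matches both "indicators in <dir>" and "indicators scanning <dir>" wordings.
FOUND_RE = re.compile(r"^Found (\d+) potentially malicious indicators", re.M)


def parse_run(log):
    """Return (ordered rule basenames, indicator count) for one guarddog debug log."""
    cmd = next(line for line in log.splitlines() if "Invoking semgrep" in line)
    rules = [path.rsplit("/", 1)[-1] for path in CONFIG_RE.findall(cmd)]
    count = int(FOUND_RE.search(log).group(1))
    return rules, count


def check_determinism(logs):
    """Compare runs: the same rule *set* passed in a different order, with a
    different indicator count, is exactly the non-determinism reported above."""
    parsed = [parse_run(log) for log in logs]
    rule_sets = {frozenset(rules) for rules, _ in parsed}
    orders = {tuple(rules) for rules, _ in parsed}
    counts = Counter(count for _, count in parsed)
    return {
        "same_rule_set": len(rule_sets) == 1,
        "same_rule_order": len(orders) == 1,
        "deterministic_findings": len(counts) == 1,
        "counts": dict(counts),
    }


if __name__ == "__main__":
    print(check_determinism(RUNS))
```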