npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mlvscan/wasm-core

v1.5.0

Published

WebAssembly core for MLVScan - scanning managed .NET assemblies and mod DLLs in the browser

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ifbarsifbars

Keywords

Readme

@mlvscan/wasm-core

npm

WebAssembly scanning engine for MLVScan. It runs the MLVScan.Core malware detection engine in the browser with no server-side scan step.

Installation

bun add @mlvscan/wasm-core

Serving The Framework Files

The package ships with a dist/_framework directory containing the .NET WASM runtime. Your build tool must serve these files at runtime. With Vite, use vite-plugin-static-copy:

// vite.config.ts
import { viteStaticCopy } from 'vite-plugin-static-copy'

export default {
  plugins: [
    viteStaticCopy({
      targets: [{
        src: 'node_modules/@mlvscan/wasm-core/dist/_framework',
        dest: '.'
      }]
    })
  ]
}

Then initialize with baseUrl: '/', or set baseUrl to the route where _framework/dotnet.js is served.

Quick Start

import { initScanner, scanAssembly } from '@mlvscan/wasm-core'

await initScanner({ baseUrl: '/' })

const file = event.target.files[0]
const bytes = new Uint8Array(await file.arrayBuffer())
const result = await scanAssembly(bytes, file.name)

console.log(`${result.disposition?.classification}: ${result.disposition?.headline}`)
console.log(`Found ${result.summary.totalFindings} finding(s)`)

for (const family of result.threatFamilies ?? []) {
  console.log(`Matched family: ${family.displayName} (${family.matchKind})`)
}

API Reference

initScanner(options?)

Loads the .NET WASM runtime. Call once at app startup before scanning, or let scanAssembly initialize on first use. Repeated calls are no-ops after initialization.

await initScanner({
  baseUrl: '/',             // Where _framework is served. Defaults to '/'.
  useMock: false,           // Force mock mode for tests. Defaults to false.
  throwOnInitFailure: false // Throw instead of falling back to mock on load failure.
})

If throwOnInitFailure is not set and WASM fails to load, the scanner falls back to mock mode and returns zero findings. Use getScannerStatus() or getInitError() to detect that state.

scanAssembly(fileBytes, fileName)

Scans a managed .NET assembly and returns a ScanResult. It auto-initializes the scanner if initScanner was not called first.

const result = await scanAssembly(bytes, 'MyMod.dll')

scanAssemblyWithConfig(fileBytes, fileName, config)

Scans with explicit Core scan configuration. Omitted values use the WASM scanner defaults.

const result = await scanAssemblyWithConfig(bytes, 'MyMod.dll', {
  developerMode: true,
  enableCrossMethodAnalysis: true,
  enableReturnValueTracking: true
})

Status And Utility

| Function | Returns | Description | |---|---|---| | isScannerReady() | boolean | True when init has completed with either real WASM or mock fallback. | | isMockScanner() | boolean | True when running in mock mode. | | getScannerStatus() | ScannerStatus | Full status snapshot: ready, mock, explicit mock, and init error. | | getScannerVersion() | Promise<string> | Scanner engine version, such as "1.5.0". Returns "1.0.0-mock" in mock mode. | | getSchemaVersion() | Promise<string> | Result schema version, currently "1.2.0". | | getInitError() | Error \| null | The error that caused WASM fallback, or null if healthy. |

Configuration And Result Detail

scanAssemblyWithConfig accepts ScanConfigInput, which mirrors the public Core scan options in a JSON-friendly shape:

await scanAssemblyWithConfig(bytes, 'MyMod.dll', {
  developerMode: true,
  enableCrossMethodAnalysis: true,
  maxCallChainDepth: 5,
  enableReturnValueTracking: true,
  detectAssemblyMetadata: true,
  enableRecursiveResourceScanning: true,
  maxRecursiveResourceSizeMB: 10
})

The default result mode is detailed. Setting developerMode: true uses developer mode and includes developer guidance when available.

Handling WASM Load Failures

await initScanner({ baseUrl: '/' })

const status = getScannerStatus()
if (status.initError) {
  console.warn('Scanner unavailable, results will be empty:', status.initError.message)
}

To throw instead of falling back:

await initScanner({ baseUrl: '/', throwOnInitFailure: true })

Type Reference

ScanResult

interface ScanResult {
  schemaVersion: '1.2.0'
  metadata: ScanMetadata
  input: ScanInput
  assembly?: AssemblyMetadata | null
  summary: ScanSummary
  findings: Finding[]
  callChains?: CallChain[] | null
  dataFlows?: DataFlowChain[] | null
  developerGuidance?: DeveloperGuidance[] | null
  threatFamilies?: ThreatFamily[] | null
  disposition?: ThreatDisposition | null
}

Finding

interface Finding {
  id?: string | null
  ruleId?: string | null
  description: string
  severity: 'Low' | 'Medium' | 'High' | 'Critical'
  location: string
  codeSnippet?: string | null
  riskScore?: number | null
  callChainId?: string | null
  dataFlowChainId?: string | null
  developerGuidance?: DeveloperGuidance | null
  callChain?: CallChain | null
  dataFlowChain?: DataFlowChain | null
  visibility?: 'Default' | 'Advanced' | null
}

ThreatDisposition

interface ThreatDisposition {
  classification: 'Clean' | 'Suspicious' | 'KnownThreat'
  headline: string
  summary: string
  blockingRecommended: boolean
  primaryThreatFamilyId?: string | null
  relatedFindingIds: string[]
}

For the full type definitions, see types.ts.

Related

Architecture Notes

MLVScan.Core is environment-agnostic. It powers multiple integration points without containing mod loader-specific code.

Licensed under GPL-3.0.