initial: v0.1 MVP scaffold

Phase A complete — CLI + 5 scanner modules + reporter:
- ftp-walker: basic-ftp + ssh2-sftp-client adapters with upload/download/walk
- core-diff: MD5 check vs api.wordpress.org checksums
- dropper-hunter: extension-blind PHP detection (catches .css/.svg/.tmp droppers)
- cloaker-test: dual-UA (Googlebot vs browser) with sitemap auto-discovery
- db-scanner: options, users, sessions, action-scheduler hooks
- remote-helper: server-side scan with base64-obfuscated patterns (WAF bypass)
- reporter: JSON + HTML + CLI output with severity-based exit codes

Inspired by sweetbabyroom.pl hack recovery — captures techniques that detected
a dropper Wordfence/custom scanners missed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

package.json

@@ -0,0 +1,48 @@
+{
+  "name": "sbr-malwscan",
+  "version": "0.1.0",
+  "description": "Malware persistence scanner for WordPress — detects droppers, cloakers, core file tampering, and DB persistence that standard tools miss",
+  "type": "module",
+  "bin": {
+    "sbr-malwscan": "./dist/cli.js"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/cli.ts",
+    "start": "node dist/cli.js",
+    "test": "node --test tests/",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  },
+  "keywords": ["wordpress", "malware", "scanner", "security", "cli", "audit", "dropper", "cloaker"],
+  "author": "Jacek Pyziak",
+  "license": "MIT",
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "basic-ftp": "^5.0.5",
+    "ssh2-sftp-client": "^10.0.3",
+    "commander": "^12.1.0",
+    "chalk": "^5.3.0",
+    "ora": "^8.1.0",
+    "mysql2": "^3.11.0",
+    "undici": "^6.19.8",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/node": "^22.5.0",
+    "@types/ssh2-sftp-client": "^9.0.4",
+    "tsx": "^4.19.0",
+    "typescript": "^5.5.4"
+  },
+  "files": [
+    "dist/",
+    "helpers/",
+    "patterns/",
+    "README.md",
+    "LICENSE"
+  ]
+}