registry  /  9remote  /  2.0.26

9remote@2.0.26

Remote terminal access from anywhere

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis flagged 16 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 1.30 MB of source, external domains: 127.0.0.1, 9remote.cc, android.googleapis.com, exp.host, fcm.googleapis.com, github.com, registry.npmjs.org, socket.io, www.apple.com, www.w3.org

Source & flagged code

8 flagged · loading source
package.jsonView file
scripts.postinstall = node dist/install.cjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node dist/install.cjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/install.cjsView file
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var m=Object.create;var l=Object.defineProperty;var d=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var p=Object.getPrototypeOf,S=Object.prototype.hasOwnProperty...
High
Child Process

Package source references child process execution.

dist/install.cjsView on unpkg · L2
dist/ptyDaemon.cjsView file
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var A=Object.create;var L=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var q=Object.getPrototypeOf,F=Object.prototype.hasOwnProperty... L4: `;try{n.default.appendFileSync(w,o)}catch{}console.error(o.trim())}function U(){return process.env.CODESPACES==="true"?process.env.CODESPACE_VSCODE_FOLDER||"/workspaces":process.en...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/ptyDaemon.cjsView on unpkg · L2
1#!/usr/bin/env node L2: const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var A=Object.create;var L=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var q=Object.getPrototypeOf,F=Object.prototype.hasOwnProperty...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/ptyDaemon.cjsView on unpkg · L1
dist/server.cjsView file
88L89: `),Al.add(e),r.on("close",()=>Al.delete(e))}function Kw(r,e){ee(e,{...dn,...Ar,desktopEnabled:jt,remoteAvailable:hh})}async function Vw(r,e){let{parseJsonBody:t}=await Promise.reso... L90: `)}});var jh=O(fE=>{"use strict";var pE=fE;pE.der=Lh();pE.pem=uE()});var Hh=O((vG,xE)=>{"use strict";var ZB=Un(),ej=kh(),dE=Cs().DecoderBuffer,mE=ql(),hE=Ul();function gE(r){this.e... ... L103: `};Vs.setupSocket(t),i&&i.length&&t.unshift(i);var c=(Vs.isSSL.test(n.target.protocol)?GU:WU).request(Vs.setupOutgoing(n.ssl||{},n,e));return s&&s.emit("proxyReqWs",c,e,t,n,i),c.on... L104: `)[0].replace(/\=|\s+|\"/gi,"").toLowerCase();case"win32":return N.toString().split("REG_SZ")[1].replace(/\r+|\n+|\s+/gi,"").toLowerCase();case"linux":return N.toString().replace(/... L105: `:`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/server.cjsView on unpkg · L88
1const __importMetaUrl = require('url').pathToFileURL(__filename).href; L2: var TO=Object.create;var ka=Object.defineProperty;var CO=Object.getOwnPropertyDescriptor;var AO=Object.getOwnPropertyNames;var RO=Object.getPrototypeOf,kO=Object.prototype.hasOwnPr... L3: `)}catch{}}function _p(r){return r.map(e=>{if(e instanceof Error)return e.stack||e.message;if(typeof e=="object")try{return JSON.stringify(e)}catch{return String(e)}return String(e... L4: === SESSION ${new Date().toISOString()} pid=${process.pid} argv=${process.argv.slice(2).join(" ")} ===`),eP())}function Pv(r){bp=r}function Mv(r=60){try{return Ir.default.readFileS... L5: `).filter(Boolean).slice(-r)}catch{return[]}}function An(r){return{info:(...e)=>to(r,"info",_p(e)),warn:(...e)=>to(r,"warn",_p(e)),error:(...e)=>to(r,"error",_p(e))}}var Ir,wp,Da,B... L6: `).join(` ... L9: `).map(e=>e.trim()).join(" ")};Bx.O=function(r){return this.inspectOpts.colors=this.useColors,Xa.inspect(r,this.inspectOpts)}});var Ce=O((t6,qp)=>{typeof process>"u"||process.type=... L10: `}),super.onData(e.replace(qM,"\\n")))}doWrite(e,t,n){let i=JSON.stringify(e).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029");e=this.head+i+this.foot,su
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server.cjsView on unpkg · L1
dist/cli.cjsView file
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var ls=Object.create;var Gn=Object.defineProperty;var us=Object.getOwnPropertyDescriptor;var fs=Object.getOwnPropertyNames;var ps=Object.getPrototypeOf,ds=Object.prototype.hasOwnPr... L4: Local: ${t} L5: Right-click to open / quit`}function li(){let{port:e,tunnelUrl:r}=zt,n=process.platform==="win32",o=r?`9Remote (Port ${e}) \u2022 Tunnel ON`:`9Remote (Port ${e}) \u2022 Local only`... L6: `)[0].replace(/\=|\s+|\"/gi,"").toLowerCase();case"win32":return b.toString().split("REG_SZ")[1].replace(/\r+|\n+|\s+/gi,"").toLowerCase();case"linux":return b.toString().replace(/... L7: `;for(var d=0;d<a;d+=2){t+=u.WHITE_ALL;for(var h=0;h<a;h++)c[d][h]===s&&c[d+1][h]===s?t+=u.WHITE_ALL:c[d][h]===s&&c[d+1][h]===i?t+=u.WHITE_BLACK:c[d][h]===i&&c[d+1][h]===s?t+=u.BLA... ... L9: `,o.modules.forEach(function(E){t+=Kn,t+=E.map(Na).join(""),t+=Kn+` L10: `}),t+=v}n?n(t):console.log(t)},setErrorLevel:function(e){this.error=Hi[e]||this.error}}});var pn=require("fs"),Ct=require("path"),Wr=require("url"),Yr=A(require("os"),1);var fn=A(... L11: `)){let n=r.trim();if(!n||n.startsWith("#"))continue;let o=n.match(/^([A-Z_][A-Z0-9_]*)
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.cjsView on unpkg · L2

Findings

5 High5 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/install.cjs
HighSame File Env Network Executiondist/ptyDaemon.cjs
HighCommand Output Exfiltrationdist/server.cjs
HighSandbox Evasion Gated Capabilitydist/cli.cjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/ptyDaemon.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings