registry  /  9remote  /  2.0.31

9remote@2.0.31

⚠ Under review

Remote terminal access from anywhere

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis flagged 18 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 1.66 MB of source, external domains: 127.0.0.1, 9remote.cc, android.googleapis.com, docs.9remote.cc, exp.host, fcm.googleapis.com, github.com, registry.npmjs.org, socket.io, www.apple.com, www.w3.org

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = node dist/install.cjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node dist/install.cjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/install.cjsView file
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var d=Object.create;var l=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var p=Object.getOwnPropertyNames;var S=Object.getPrototypeOf,h=Object.prototype.hasOwnProperty...
High
Child Process

Package source references child process execution.

dist/install.cjsView on unpkg · L2
dist/ptyDaemon.cjsView file
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var A=Object.create;var L=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var q=Object.getPrototypeOf,F=Object.prototype.hasOwnProperty... L4: `;try{n.default.appendFileSync(w,o)}catch{}console.error(o.trim())}function U(){return process.env.CODESPACES==="true"?process.env.CODESPACE_VSCODE_FOLDER||"/workspaces":process.en...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/ptyDaemon.cjsView on unpkg · L2
1#!/usr/bin/env node L2: const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var A=Object.create;var L=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var q=Object.getPrototypeOf,F=Object.prototype.hasOwnProperty...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/ptyDaemon.cjsView on unpkg · L1
dist/server.cjsView file
88L89: `),Al.add(e),r.on("close",()=>Al.delete(e))}function Yw(r,e){ee(e,{...dn,...Ar,desktopEnabled:jt,remoteAvailable:mh})}async function Xw(r,e){let{parseJsonBody:t}=await Promise.reso... L90: `)}});var Fh=O(mE=>{"use strict";var hE=mE;hE.der=Dh();hE.pem=dE()});var $h=O((bG,bE)=>{"use strict";var nj=Wn(),ij=Oh(),gE=As().DecoderBuffer,xE=ql(),vE=Ul();function yE(r){this.e... ... L103: `};Vs.setupSocket(t),i&&i.length&&t.unshift(i);var c=(Vs.isSSL.test(n.target.protocol)?YU:VU).request(Vs.setupOutgoing(n.ssl||{},n,e));return s&&s.emit("proxyReqWs",c,e,t,n,i),c.on... L104: `)[0].replace(/\=|\s+|\"/gi,"").toLowerCase();case"win32":return N.toString().split("REG_SZ")[1].replace(/\r+|\n+|\s+/gi,"").toLowerCase();case"linux":return N.toString().replace(/... L105: `:`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/server.cjsView on unpkg · L88
1const __importMetaUrl = require('url').pathToFileURL(__filename).href; L2: var kO=Object.create;var Oa=Object.defineProperty;var OO=Object.getOwnPropertyDescriptor;var PO=Object.getOwnPropertyNames;var MO=Object.getPrototypeOf,IO=Object.prototype.hasOwnPr... L3: `)}catch{}}function bp(r){return r.map(e=>{if(e instanceof Error)return e.stack||e.message;if(typeof e=="object")try{return JSON.stringify(e)}catch{return String(e)}return String(e... L4: === SESSION ${new Date().toISOString()} pid=${process.pid} argv=${process.argv.slice(2).join(" ")} ===`),iP())}function Iv(r){wp=r}function Nv(r=60){try{return Ir.default.readFileS... L5: `).filter(Boolean).slice(-r)}catch{return[]}}function Rn(r){return{info:(...e)=>to(r,"info",bp(e)),warn:(...e)=>to(r,"warn",bp(e)),error:(...e)=>to(r,"error",bp(e))}}var Ir,Sp,Ba,j... L6: `).join(` ... L9: `).map(e=>e.trim()).join(" ")};Fx.O=function(r){return this.inspectOpts.colors=this.useColors,Ja.inspect(r,this.inspectOpts)}});var Ae=O((s6,Up)=>{typeof process>"u"||process.type=... L10: `}),super.onData(e.replace(zM,"\\n")))}doWrite(e,t,n){let i=JSON.stringify(e).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029");e=this.head+i+this.foot,su
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server.cjsView on unpkg · L1
dist/cli.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = 9remote@2.0.26 matchedIdentity = npm:OXJlbW90ZQ:2.0.26 similarity = 0.400 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/cli.cjsView on unpkg
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var ls=Object.create;var Gn=Object.defineProperty;var us=Object.getOwnPropertyDescriptor;var fs=Object.getOwnPropertyNames;var ps=Object.getPrototypeOf,ds=Object.prototype.hasOwnPr... L4: Local: ${t} L5: Right-click to open / quit`}function li(){let{port:e,tunnelUrl:n}=zt,r=process.platform==="win32",o=n?`9Remote (Port ${e}) \u2022 Tunnel ON`:`9Remote (Port ${e}) \u2022 Local only`... L6: `)[0].replace(/\=|\s+|\"/gi,"").toLowerCase();case"win32":return b.toString().split("REG_SZ")[1].replace(/\r+|\n+|\s+/gi,"").toLowerCase();case"linux":return b.toString().replace(/... L7: `;for(var d=0;d<a;d+=2){t+=u.WHITE_ALL;for(var h=0;h<a;h++)c[d][h]===s&&c[d+1][h]===s?t+=u.WHITE_ALL:c[d][h]===s&&c[d+1][h]===i?t+=u.WHITE_BLACK:c[d][h]===i&&c[d+1][h]===s?t+=u.BLA... ... L9: `,o.modules.forEach(function(E){t+=Kn,t+=E.map(Da).join(""),t+=Kn+` L10: `}),t+=v}r?r(t):console.log(t)},setErrorLevel:function(e){this.error=Hi[e]||this.error}}});var pn=require("fs"),Ct=require("path"),Wr=require("url"),Yr=A(require("os"),1);var fn=A(... L11: `)){let r=n.trim();if(!r||r.startsWith("#"))continue;let o=r.match(/^([A-Z_][A-Z0-9_]*)
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.cjsView on unpkg · L2
dist/ui/assets/index-CzK2QQU8.jsView file
491(function(_0xe547e2, _0x3ecbad) { L492: var _0x34b1bf = _0x5700, _0x1c5f82 = _0xe547e2(); L493: while (!![]) {
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/ui/assets/index-CzK2QQU8.jsView on unpkg · L491

Findings

1 Critical6 High5 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/cli.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/install.cjs
HighSame File Env Network Executiondist/ptyDaemon.cjs
HighCommand Output Exfiltrationdist/server.cjs
HighSandbox Evasion Gated Capabilitydist/cli.cjs
HighObfuscated Payload Loaderdist/ui/assets/index-CzK2QQU8.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/ptyDaemon.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings