registry  /  9remote  /  2.0.59

9remote@2.0.59

⚠ Under review

Remote terminal access from anywhere

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 18 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 1.82 MB of source, external domains: 127.0.0.1, android.googleapis.com, docs.9remote.cc, exp.host, fcm.googleapis.com, github.com, registry.npmjs.org, socket.io, www.apple.com, www.w3.org

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = node dist/install.cjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node dist/install.cjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/install.cjsView file
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var f=Object.create;var l=Object.defineProperty;var S=Object.getOwnPropertyDescriptor;var h=Object.getOwnPropertyNames;var p=Object.getPrototypeOf,b=Object.prototype.hasOwnProperty...
High
Child Process

Package source references child process execution.

dist/install.cjsView on unpkg · L2
dist/ptyDaemon.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = 9remote@2.0.58 matchedIdentity = npm:OXJlbW90ZQ:2.0.58 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/ptyDaemon.cjsView on unpkg
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var A=Object.create;var L=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var q=Object.getPrototypeOf,F=Object.prototype.hasOwnProperty... L4: `;try{n.default.appendFileSync(E,o)}catch{}console.error(o.trim())}function Z(){return process.env.CODESPACES==="true"?process.env.CODESPACE_VSCODE_FOLDER||"/workspaces":process.en...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/ptyDaemon.cjsView on unpkg · L2
1#!/usr/bin/env node L2: const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var A=Object.create;var L=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var q=Object.getPrototypeOf,F=Object.prototype.hasOwnProperty...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/ptyDaemon.cjsView on unpkg · L1
dist/server.cjsView file
90L91: `),Ml.add(e),r.on("close",()=>Ml.delete(e))}function nS(r,e){ee(e,{...dn,...Ar,desktopEnabled:jt,remoteAvailable:Eh})}async function iS(r,e){let{parseJsonBody:t}=await Promise.reso... L92: `)}});var Kh=O(EE=>{"use strict";var SE=EE;SE.der=Gh();SE.pem=wE()});var Xh=O((IG,OE)=>{"use strict";var vj=Gn(),xj=Fh(),TE=Ms().DecoderBuffer,AE=Kl(),CE=Yl();function RE(r){this.e... ... L105: `};Zs.setupSocket(t),i&&i.length&&t.unshift(i);var c=(Zs.isSSL.test(n.target.protocol)?l4:c4).request(Zs.setupOutgoing(n.ssl||{},n,e));return s&&s.emit("proxyReqWs",c,e,t,n,i),c.on... L106: `)[0].replace(/\=|\s+|\"/gi,"").toLowerCase();case"win32":return N.toString().split("REG_SZ")[1].replace(/\r+|\n+|\s+/gi,"").toLowerCase();case"linux":return N.toString().replace(/... L107: `:`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/server.cjsView on unpkg · L90
1const __importMetaUrl = require('url').pathToFileURL(__filename).href; L2: var HO=Object.create;var Ba=Object.defineProperty;var UO=Object.getOwnPropertyDescriptor;var qO=Object.getOwnPropertyNames;var WO=Object.getPrototypeOf,GO=Object.prototype.hasOwnPr... L3: `)}catch{}}function kp(r){return r.map(e=>{if(e instanceof Error)return e.stack||e.message;if(typeof e=="object")try{return JSON.stringify(e)}catch{return String(e)}return String(e... L4: === SESSION ${new Date().toISOString()} pid=${process.pid} argv=${process.argv.slice(2).join(" ")} ===`),vP())}function $v(r){Op=r}function Hv(r=60){try{return Nr.default.readFileS... L5: `).filter(Boolean).slice(-r)}catch{return[]}}function Rn(r){return{info:(...e)=>co(r,"info",kp(e)),warn:(...e)=>co(r,"warn",kp(e)),error:(...e)=>co(r,"error",kp(e))}}var Nr,Pp,Wa,G... L6: `).join(` ... L9: `).map(e=>e.trim()).join(" ")};zx.O=function(r){return this.inspectOpts.colors=this.useColors,ic.inspect(r,this.inspectOpts)}});var Ae=O((v6,Jp)=>{typeof process>"u"||process.type=... L10: `}),super.onData(e.replace(sI,"\\n")))}doWrite(e,t,n){let i=JSON.stringify(e).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029");e=this.head+i+this.foot,su
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server.cjsView on unpkg · L1
dist/ui/assets/index-EcwsBC8r.jsView file
491(function(_0x269b89, _0x4d0ec7) { L492: var _0x3ed6d9 = _0x39ea, _0x1b9592 = _0x269b89(); L493: while (!![]) {
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/ui/assets/index-EcwsBC8r.jsView on unpkg · L491
dist/assets/tray.ps1View file
path = dist/assets/tray.ps1 kind = build_helper sizeBytes = 3954 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/assets/tray.ps1View on unpkg

Findings

1 Critical5 High6 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/ptyDaemon.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/install.cjs
HighSame File Env Network Executiondist/ptyDaemon.cjs
HighCommand Output Exfiltrationdist/server.cjs
HighObfuscated Payload Loaderdist/ui/assets/index-EcwsBC8r.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/ptyDaemon.cjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/assets/tray.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings