registry  /  9remote  /  2.0.70

9remote@2.0.70

Remote terminal access from anywhere

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 1.95 MB of source, external domains: 127.0.0.1, android.googleapis.com, docs.9remote.cc, exp.host, fcm.googleapis.com, github.com, registry.npmjs.org, socket.io, www.apple.com, www.w3.org

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.postinstall = node dist/install.cjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node dist/install.cjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/install.cjsView file
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var f=Object.create;var l=Object.defineProperty;var S=Object.getOwnPropertyDescriptor;var h=Object.getOwnPropertyNames;var p=Object.getPrototypeOf,b=Object.prototype.hasOwnProperty...
High
Child Process

Package source references child process execution.

dist/install.cjsView on unpkg · L2
dist/ptyDaemon.cjsView file
2const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var A=Object.create;var L=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var q=Object.getPrototypeOf,F=Object.prototype.hasOwnProperty... L4: `;try{n.default.appendFileSync(E,o)}catch{}console.error(o.trim())}function Z(){return process.env.CODESPACES==="true"?process.env.CODESPACE_VSCODE_FOLDER||"/workspaces":process.en...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/ptyDaemon.cjsView on unpkg · L2
1#!/usr/bin/env node L2: const __importMetaUrl = require('url').pathToFileURL(__filename).href; L3: var A=Object.create;var L=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var $=Object.getOwnPropertyNames;var q=Object.getPrototypeOf,F=Object.prototype.hasOwnProperty...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/ptyDaemon.cjsView on unpkg · L1
dist/server.cjsView file
90L91: `),Rl.add(e),r.on("close",()=>Rl.delete(e))}function Gw(r,e){ee(e,{...vn,...Mr,desktopEnabled:qt,remoteAvailable:xh})}async function zw(r,e){let{parseJsonBody:t}=await Promise.reso... L92: `)}});var sm=O(IE=>{"use strict";var PE=IE;PE.der=tm();PE.pem=ME()});var om=O((Rz,FE)=>{"use strict";var Bj=Kn(),jj=Yh(),NE=Hi().DecoderBuffer,DE=nu(),LE=su();function BE(r){this.e... ... L105: `};ao.setupSocket(t),s&&s.length&&t.unshift(s);var c=(ao.isSSL.test(n.target.protocol)?Q4:J4).request(ao.setupOutgoing(n.ssl||{},n,e));return i&&i.emit("proxyReqWs",c,e,t,n,s),c.on... L106: `)[0].replace(/\=|\s+|\"/gi,"").toLowerCase();case"win32":return L.toString().split("REG_SZ")[1].replace(/\r+|\n+|\s+/gi,"").toLowerCase();case"linux":return L.toString().replace(/... L107: `:`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/server.cjsView on unpkg · L90
1const __importMetaUrl = require('url').pathToFileURL(__filename).href; L2: var oM=Object.create;var Ga=Object.defineProperty;var aM=Object.getOwnPropertyDescriptor;var cM=Object.getOwnPropertyNames;var lM=Object.getPrototypeOf,uM=Object.prototype.hasOwnPr... L3: `)}catch{}}function Fp(r){return r.map(e=>{if(e instanceof Error)return e.stack||e.message;if(typeof e=="object")try{return JSON.stringify(e)}catch{return String(e)}return String(e... L4: === SESSION ${new Date().toISOString()} pid=${process.pid} argv=${process.argv.slice(2).join(" ")} ===`),DM())}function Qv(r){Hp=r}function Zv(r=60){try{return jr.default.readFileS... L5: `).filter(Boolean).slice(-r)}catch{return[]}}function In(r){return{info:(...e)=>vo(r,"info",Fp(e)),warn:(...e)=>vo(r,"warn",Fp(e)),error:(...e)=>vo(r,"error",Fp(e))}}var jr,$p,Qa,Z... L6: `).join(` ... L9: `).map(e=>e.trim()).join(" ")};nx.O=function(r){return this.inspectOpts.colors=this.useColors,fc.inspect(r,this.inspectOpts)}});var ke=O((cW,af)=>{typeof process>"u"||process.type=... L10: `}),super.onData(e.replace(TI,"\\n")))}doWrite(e,t,n){let s=JSON.stringify(e).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029");e=this.head+s+this.foot,su
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server.cjsView on unpkg · L1
dist/ui/assets/index-B5-dTL6k.jsView file
38})(); L39: var _0x2e6ea1 = _0x14ae; L40: (function(_0x5e9d1f, _0x540a89) {
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/ui/assets/index-B5-dTL6k.jsView on unpkg · L38
dist/assets/tray.ps1View file
path = dist/assets/tray.ps1 kind = build_helper sizeBytes = 3954 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/assets/tray.ps1View on unpkg

Findings

5 High6 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/install.cjs
HighSame File Env Network Executiondist/ptyDaemon.cjs
HighCommand Output Exfiltrationdist/server.cjs
HighObfuscated Payload Loaderdist/ui/assets/index-B5-dTL6k.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/ptyDaemon.cjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/assets/tray.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings