registry  /  @abraca/dabra  /  2.53.0

@abraca/dabra@2.53.0

abracadabra provider

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkWebSocket
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 71 file(s), 1.93 MB of source

Source & flagged code

2 flagged · loading source
dist/abracadabra-provider.esm.jsView file
129*/ L130: const fromCharCode = String.fromCharCode; L131: const fromCodePoint = String.fromCodePoint; ... L178: * Encodes numbers in little-endian order (least to most significant byte order) L179: * and is compatible with Golang's binary encoding (https://golang.org/pkg/encoding/binary/) L180: * which is also used in Protocol Buffers. ... L1274: if (this.configuration.providerMap.get(name) === provider) { L1275: provider.send(CloseMessage, { documentName: name }); L1276: this.configuration.providerMap.delete(name); ... L6397: /** L6398: * "Constant-time" private key generation utility. L6399: * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/abracadabra-provider.esm.jsView on unpkg · L129
7572}, L7573: eval(a, x, brp = false) { L7574: checkLength(a);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/abracadabra-provider.esm.jsView on unpkg · L7572

Findings

1 High3 Medium4 Low
HighObfuscated Payload Loaderdist/abracadabra-provider.esm.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/abracadabra-provider.esm.js
LowFilesystem
LowHigh Entropy Strings