registry  /  @acedatacloud/nexior  /  3.304.0

@acedatacloud/nexior@3.304.0

⚠ Under review

<div align="center">

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1,086 file(s), 14.6 MB of source, external domains: api-test.acedata.cloud, api.acedata.cloud, api.devnet.solana.com, api.mainnet-beta.solana.com, api.testnet.solana.com, api.web3modal.org, auth-test.acedata.cloud, auth.acedata.cloud, basescan.org, cdn.acedata.cloud, cdn.plyr.io, coding-bridge-test.acedata.cloud, coding-bridge.acedata.cloud, connect.solflare.com, echo.walletconnect.com, element-plus.org, example.com, exemplo.com, fonts.googleapis.com, fpjs.dev, github.com, go.aniview.com, go.cb-w.com, hub-test.acedata.cloud, hub.acedata.cloud, i.ytimg.com, imasdk.googleapis.com, m1.openfpcdn.io, mainnet.base.org, midas.gtimg.cn, next.vuex.vuejs.org, nightly.app, noembed.com, phantom.app, platform-test.acedata.cloud, platform.acedata.cloud, player.vimeo.com, pulse.walletconnect.org, rpc.walletconnect.org, rumt-zh.com, schema.org, secure.walletconnect.org, sepolia.base.org, sepolia.basescan.org, skale-base-explorer.skalenodes.com, skale-base.skalenodes.com, solanamobile.com, solflare.com, solscan.io, static.aipedias.com

Source & flagged code

2 flagged · loading source
dist/assets/solana-wallets-vue-D0dVm7zd.jsView file
1import{$ as e,A as t,C as n,Ct as r,D as i,E as a,Et as o,F as s,H as c,Ht as l,I as u,J as d,L as f,N as p,O as m,Ot as h,P as g,S as _,St as v,Tt as y,Ut as b,Vt as x,Wt as S,Z a... L2: `;t+=`${e.address}`,e.statement&&(t+=` ... L6: ${n.join(` L7: `)}`),t}var V={ERROR_ASSOCIATION_PORT_OUT_OF_RANGE:`ERROR_ASSOCIATION_PORT_OUT_OF_RANGE`,ERROR_REFLECTOR_ID_OUT_OF_RANGE:`ERROR_REFLECTOR_ID_OUT_OF_RANGE`,ERROR_FORBIDDEN_WALLET_BA... L8: ]))+`;G.KANJI=new RegExp(e,`g`),G.BYTE_KANJI=RegExp(`[^A-Z0-9 $%*+\\-./:]+`,`g`),G.BYTE=new RegExp(t,`g`),G.NUMERIC=RegExp(`[0-9]+`,`g`),G.ALPHANUMERIC=RegExp(`[A-Z $%*+\\-./:]+`,`...
Critical
Clipboard Crypto Hijack

Source reads and rewrites clipboard contents matching cryptocurrency wallet addresses.

dist/assets/solana-wallets-vue-D0dVm7zd.jsView on unpkg · L1
dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
path = dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg

Findings

1 Critical1 High3 Medium6 Low
CriticalClipboard Crypto Hijackdist/assets/solana-wallets-vue-D0dVm7zd.js
HighShips High Entropy Blobdist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings