registry  /  @adguard/dnr-rulesets  /  4.1.20260703200042

@adguard/dnr-rulesets@4.1.20260703200042

⚠ Under review

Utility to create AdGuard DNR rulesets for mv3 extensions

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
HighEntropyStringsTelemetryUrlStrings
Manifest
CopyleftLicense
scanned 4 file(s), 3.12 MB of source, external domains: af.gog.com, dai.google.com, file-upload.org, filters.adtidy.org, foo.com, future-sale-system.de, googleads.g.doubleclick.net, pubads.g.doubleclick.net, securepubads.g.doubleclick.net, www.facebook.com, www.gog.com, www.iab.net, www.ndtv.com, www.wp.pl
Oversized source lightweight scan
dist/cli.cjs3.81 MB file, sampled 256 KB
FilesystemNetworkCryptoUrlStringsfilters.adtidy.org

Source & flagged code

5 flagged · loading source
dist/lib/index.jsView file
10import { fileURLToPath } from 'node:url'; L11: import axios from 'axios'; L12: import fastGlob from 'fast-glob'; ... L999: var reservedWords = { L1000: 3: "abstract boolean byte char class double enum export extends final float goto implements import int interface long native package private protected public short static super syn... L1001: 5: "class enum extends super const export import", ... L1048: if (code <= 0xffff) { L1049: return code >= 0xaa && nonASCIIidentifierStart.test(String.fromCharCode(code)); L1050: } ... L8289: start: S.token, L8290: body: block_(), L8291: end: prev()
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/lib/index.jsView on unpkg · L10
dist/filters/opera-mv3/local_script_rules.jsView file
1export const localScriptRules = { L2: '(function(){var a=document.currentScript,b=String.prototype.charCodeAt,c=function(){return true;};Object.defineProperty(String.prototype,"charCodeAt",{get:function(){return docume... L3: try { ... L378: }, L379: "document.addEventListener('click',function(e){var t=e.target.closest('.click_coupons_code');if(!t)return;e.stopPropagation();e.preventDefault();var u=t.dataset.hrefAlt||null;if(u)... L380: try { ... L446: }, L447: '!function(){const p={apply:(p,e,n)=>{const r=Reflect.apply(p,e,n),s=r?.[0]?.props?.data;return s&&null===s.user&&(r[0].props.data.user="guest"),r}};window.JSON.parse=new Proxy(win... L448: try { ... L801: }, L802: "(()=>{const e=function(){};window.tC={privacy:{getOptinCategories:e,cookieData:[]},addConsentChangeListener:e,removeConsentChangeListener:e,container:{reload:e}},window.tc_events_... L803: try {
Critical
Global Object Hijack Exfiltration

Source reassigns a global/builtin to a Proxy that forwards intercepted runtime data to an external endpoint.

dist/filters/opera-mv3/local_script_rules.jsView on unpkg · L1
dist/re2.wasmView file
path = dist/re2.wasm kind = wasm_module sizeBytes = 892736 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/re2.wasmView on unpkg
dist/cli.cjsView file
path = dist/cli.cjs kind = oversized_source_file sizeBytes = 3990879 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/cli.cjsView on unpkg
path = dist/cli.cjs kind = oversized_cli_entrypoint sizeBytes = 3990879 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/cli.cjsView on unpkg

Findings

1 Critical1 High4 Medium7 Low
CriticalGlobal Object Hijack Exfiltrationdist/filters/opera-mv3/local_script_rules.js
HighOversized Source Filedist/cli.cjs
MediumNetwork
MediumShips Wasm Moduledist/re2.wasm
MediumOversized Cli Entrypointdist/cli.cjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/lib/index.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowCopyleft License