registry  /  @adguard/dnr-rulesets  /  4.0.20260702180041

@adguard/dnr-rulesets@4.0.20260702180041

⚠ Under review

Utility to create AdGuard DNR rulesets for mv3 extensions

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
HighEntropyStringsTelemetryUrlStrings
Manifest
CopyleftLicense
scanned 3 file(s), 2.30 MB of source, external domains: af.gog.com, dai.google.com, file-upload.org, filters.adtidy.org, foo.com, future-sale-system.de, googleads.g.doubleclick.net, pubads.g.doubleclick.net, securepubads.g.doubleclick.net, www.facebook.com, www.gog.com, www.iab.net, www.ndtv.com, www.wp.pl
Oversized source lightweight scan
dist/cli.cjs3.80 MB file, sampled 256 KB
FilesystemNetworkCrypto

Source & flagged code

5 flagged · loading source
dist/lib/index.jsView file
10import { fileURLToPath } from 'node:url'; L11: import axios from 'axios'; L12: import fastGlob from 'fast-glob'; ... L951: var reservedWords = { L952: 3: "abstract boolean byte char class double enum export extends final float goto implements import int interface long native package private protected public short static super syn... L953: 5: "class enum extends super const export import", ... L1000: if (code <= 0xffff) { L1001: return code >= 0xaa && nonASCIIidentifierStart.test(String.fromCharCode(code)); L1002: } ... L8241: start: S.token, L8242: body: block_(), L8243: end: prev()
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/lib/index.jsView on unpkg · L10
dist/filters/local_script_rules.jsView file
1export const localScriptRules = { L2: '(function(){var a=document.currentScript,b=String.prototype.charCodeAt,c=function(){return true;};Object.defineProperty(String.prototype,"charCodeAt",{get:function(){return docume... L3: try { ... L378: }, L379: '!function(){const p={apply:(p,e,n)=>{const r=Reflect.apply(p,e,n),s=r?.[0]?.props?.data;return s&&null===s.user&&(r[0].props.data.user="guest"),r}};window.JSON.parse=new Proxy(win... L380: try { ... L712: }, L713: "(()=>{const e=function(){};window.tC={privacy:{getOptinCategories:e,cookieData:[]},addConsentChangeListener:e,removeConsentChangeListener:e,container:{reload:e}},window.tc_events_... L714: try { ... L3018: }, L3019: '(function(){var b=XMLHttpRequest.prototype.open,c=/[/.@](piguiqproxy\\.com|rcdn\\.pro|amgload\\.net|dsn-fishki\\.ru|v6t39t\\.ru|greencuttlefish\\.com|rgy1wk\\.ru|vt4dlx\\.ru|d38du... L3020: try {
Critical
Global Object Hijack Exfiltration

Source reassigns a global/builtin to a Proxy that forwards intercepted runtime data to an external endpoint.

dist/filters/local_script_rules.jsView on unpkg · L1
dist/re2.wasmView file
path = dist/re2.wasm kind = wasm_module sizeBytes = 892736 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/re2.wasmView on unpkg
dist/cli.cjsView file
path = dist/cli.cjs kind = oversized_source_file sizeBytes = 3987122 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/cli.cjsView on unpkg
path = dist/cli.cjs kind = oversized_cli_entrypoint sizeBytes = 3987122 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/cli.cjsView on unpkg

Findings

1 Critical1 High4 Medium7 Low
CriticalGlobal Object Hijack Exfiltrationdist/filters/local_script_rules.js
HighOversized Source Filedist/cli.cjs
MediumNetwork
MediumShips Wasm Moduledist/re2.wasm
MediumOversized Cli Entrypointdist/cli.cjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/lib/index.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowCopyleft License