registry  /  @browserstack/accessibility-devtools  /  1.5.0

@browserstack/accessibility-devtools@1.5.0

⚠ Under review

Command-line interface for BrowserStack Accessibility DevTools

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 2 file(s), 763 KB of source, external domains: browserstack.io

Source & flagged code

6 flagged · loading source
index.cjsView file
8`,l=1;l<=t.linesAfter&&!(o+l>=i.length);l++)c=xn(e.buffer,r[o+l],i[o+l],e.position-(r[o]-r[o+l]),f),a+=it.repeat(" ",t.indent)+Sn((e.line+l+1).toString(),u)+" | "+c.str+` L9: `;return a.replace(/\n$/,"")}Pi.exports=Vc});var Z=m((I0,Ji)=>{"use strict";var $i=Be(),Uc=["kind","multi","resolve","construct","instanceOf","predicate","represent","representName... L10: \r`;function Ru(e){if(e===null)return!1;var t,n,r=0,i=e.length,s=Wn;for(n=0;n<i;n++)if(t=s.indexOf(e.charAt(n)),!(t>64)){if(t<0)return!1;r+=6}return r%8===0}function Lu(e){var t,n,... ... L33: `+e.slice(o+1):l+=e.slice(i),l.slice(1)}function Hf(e){for(var t="",n=0,r,i=0;i<e.length;n>=65536?i+=2:i++)n=ot(e,i),r=k[n],!r&&ct(n)?(t+=e[i],n>=65536&&(t+=e[i+1])):t+=r||Mf(n);re... L34: `:""}no.exports.dump=$f});var so=m((B0,D)=>{"use strict";var io=Ms(),Jf=ro();function er(e,t){return function(){throw new Error("Function yaml."+e+" is removed in js-yaml 4. Use ya... L35: `).join(`\r ... L39: \r L40: `+n)}function ve(e,t,n,r,i,s){if(e.listenerCount("wsClientError")){let o=new Error(i);Error.captureStackTrace(o,ve),e.emit("wsClientError",o,n,t)}else yt(n,r,i,s)}});var Ca=m((oI,y... L41: `).replace(/^/gm," ".repeat(s))}let c=[`Usa
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

index.cjsView on unpkg · L8
33Trigger-reachable chain: manifest.main -> index.cjs L33: `+e.slice(o+1):l+=e.slice(i),l.slice(1)}function Hf(e){for(var t="",n=0,r,i=0;i<e.length;n>=65536?i+=2:i++)n=ot(e,i),r=k[n],!r&&ct(n)?(t+=e[i],n>=65536&&(t+=e[i+1])):t+=r||Mf(n);re... L34: `:""}no.exports.dump=$f});var so=m((B0,D)=>{"use strict";var io=Ms(),Jf=ro();function er(e,t){return function(){throw new Error("Function yaml."+e+" is removed in js-yaml 4. Use ya... L35: `).join(`\r ... L39: \r L40: `+n)}function ve(e,t,n,r,i,s){if(e.listenerCount("wsClientError")){let o=new Error(i);Error.captureStackTrace(o,ve),e.emit("wsClientError",o,n,t)}else yt(n,r,i,s)}});var Ca=m((oI,y... L41: `).replace(/^/gm," ".repeat(s))}let c=[`Usage: ${n.commandUsage(t)}`,""],u=n.commandDescription(t);u.length>0&&(c=c.concat([n.wrap(u,i,0),""]));let f=n.visibleArguments(t).map(g=>a... ... L48: (Did you mean one of ${r.join(", ")}?)`:r.length===1?` L49: (Did you mean ${r[0]}?)`:""}Da.suggestSimilar=yg});var Va=m(ja=>{"use strict";var Cg=require("node:events").EventEmitter,Kr=require("node:child_process"),ae=require("node:path"),Xr... L50: - specify the name in Command constructor or using .name()`);return n=n||{},n.isDefault&&(this._defaultC…
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.cjsView on unpkg · L33
48(Did you mean one of ${r.join(", ")}?)`:r.length===1?` L49: (Did you mean ${r[0]}?)`:""}Da.suggestSimilar=yg});var Va=m(ja=>{"use strict";var Cg=require("node:events").EventEmitter,Kr=require("node:child_process"),ae=require("node:path"),Xr... L50: - specify the name in Command constructor or using .name()`);return n=n||{},n.isDefault&&(this._defaultCommandName=t._name),(n.noHelp||n.hidden)&&(t._hidden=!0),this._registerComma...
High
Child Process

Package source references child process execution.

index.cjsView on unpkg · L48
33`+e.slice(o+1):l+=e.slice(i),l.slice(1)}function Hf(e){for(var t="",n=0,r,i=0;i<e.length;n>=65536?i+=2:i++)n=ot(e,i),r=k[n],!r&&ct(n)?(t+=e[i],n>=65536&&(t+=e[i+1])):t+=r||Mf(n);re... L34: `:""}no.exports.dump=$f});var so=m((B0,D)=>{"use strict";var io=Ms(),Jf=ro();function er(e,t){return function(){throw new Error("Function yaml."+e+" is removed in js-yaml 4. Use ya... L35: `).join(`\r ... L48: (Did you mean one of ${r.join(", ")}?)`:r.length===1?` L49: (Did you mean ${r[0]}?)`:""}Da.suggestSimilar=yg});var Va=m(ja=>{"use strict";var Cg=require("node:events").EventEmitter,Kr=require("node:child_process"),ae=require("node:path"),Xr... L50: - specify the name in Command constructor or using .name()`);return n=n||{},n.isDefault&&(this._defaultCommandName=t._name),(n.noHelp||n.hidden)&&(t._hidden=!0),this._registerComma...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

index.cjsView on unpkg · L33
33`+e.slice(o+1):l+=e.slice(i),l.slice(1)}function Hf(e){for(var t="",n=0,r,i=0;i<e.length;n>=65536?i+=2:i++)n=ot(e,i),r=k[n],!r&&ct(n)?(t+=e[i],n>=65536&&(t+=e[i+1])):t+=r||Mf(n);re... L34: `:""}no.exports.dump=$f});var so=m((B0,D)=>{"use strict";var io=Ms(),Jf=ro();function er(e,t){return function(){throw new Error("Function yaml."+e+" is removed in js-yaml 4. Use ya... L35: `).join(`\r ... L39: \r L40: `+n)}function ve(e,t,n,r,i,s){if(e.listenerCount("wsClientError")){let o=new Error(i);Error.captureStackTrace(o,ve),e.emit("wsClientError",o,n,t)}else yt(n,r,i,s)}});var Ca=m((oI,y... L41: `).replace(/^/gm," ".repeat(s))}let c=[`Usage: ${n.commandUsage(t)}`,""],u=n.commandDescription(t);u.length>0&&(c=c.concat([n.wrap(u,i,0),""]));let f=n.visibleArguments(t).map(g=>a... ... L48: (Did you mean one of ${r.join(", ")}?)`:r.length===1?` L49: (Did you mean ${r[0]}?)`:""}Da.suggestSimilar=yg});var Va=m(ja=>{"use strict";var Cg=require("node:events").EventEmitter,Kr=require("node:child_process"),ae=require("node:path"),Xr... L50: - specify the name in Command constructor or using .name()`);return n=n||{},n.isDefault&&(this._defaultCommandName=t._name),(n.noHelp||n.hidden)&&(t._hidden=
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

index.cjsView on unpkg · L33
8`,l=1;l<=t.linesAfter&&!(o+l>=i.length);l++)c=xn(e.buffer,r[o+l],i[o+l],e.position-(r[o]-r[o+l]),f),a+=it.repeat(" ",t.indent)+Sn((e.line+l+1).toString(),u)+" | "+c.str+` L9: `;return a.replace(/\n$/,"")}Pi.exports=Vc});var Z=m((I0,Ji)=>{"use strict";var $i=Be(),Uc=["kind","multi","resolve","construct","instanceOf","predicate","represent","representName... L10: \r`;function Ru(e){if(e===null)return!1;var t,n,r=0,i=e.length,s=Wn;for(n=0;n<i;n++)if(t=s.indexOf(e.charAt(n)),!(t>64)){if(t<0)return!1;r+=6}return r%8===0}function Lu(e){var t,n,... ... L33: `+e.slice(o+1):l+=e.slice(i),l.slice(1)}function Hf(e){for(var t="",n=0,r,i=0;i<e.length;n>=65536?i+=2:i++)n=ot(e,i),r=k[n],!r&&ct(n)?(t+=e[i],n>=65536&&(t+=e[i+1])):t+=r||Mf(n);re... L34: `:""}no.exports.dump=$f});var so=m((B0,D)=>{"use strict";var io=Ms(),Jf=ro();function er(e,t){return function(){throw new Error("Function yaml."+e+" is removed in js-yaml 4. Use ya... L35: `).join(`\r ... L39: \r L40: `+n)}function ve(e,t,n,r,i,s){if(e.listenerCount("wsClientError")){let o=new Error(i);Error.captureStackTrace(o,ve),e.emit("wsClientError",o,n,t)}else yt(n,r,i,s)}});var Ca=m((oI,y... L41: `).replace(/^/gm," ".repeat(s))}let c=[`Usa
Low
Weak Crypto

Package source references weak cryptographic algorithms.

index.cjsView on unpkg · L8

Findings

2 Critical4 High3 Medium6 Low
CriticalRemote Asset Decode Executeindex.cjs
CriticalTrigger Reachable Dangerous Capabilityindex.cjs
HighChild Processindex.cjs
HighShell
HighSame File Env Network Executionindex.cjs
HighCommand Output Exfiltrationindex.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowWeak Cryptoindex.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License