463patternName = private_key_rsa
severity = critical
line = 463
matchedText = `||Y==="...thm.
CriticalCritical Secret
Package contains a critical-looking secret pattern.
dist/src/sdk.jsView on unpkg · L463 4`){if(Y)X+=O_("");let z=Q?H_(Q):void 0;if(Q&&z)X+=z_(z)}else if(H===`
L5: `){if(Q&&H_(Q))X+=z_(Q);if(Y)X+=O_(Y)}}return X},lV0;var jN=s(()=>{EN();IN=`${mV0}8;;`,W_=new RegExp(`(?:\\${K_}(?<code>\\d+)m|\\${IN}(?<uri>.*)${AN})`,"y"),lV0=/\r?\n/});var U1=R(...
L6: `),Y=0,Z=$;for(let U of Q){if(Z<=U.length)break;Z-=U.length+1,Y++}for(Y=Math.max(0,Math.min(Q.length-1,Y+J)),Z=Math.min(Z,Q[Y].length)+D;Z<0&&Y>0;)Y--,Z+=Q[Y].length+1;for(;Z>Q[Y]....
L7: `),X=D.split(`
L8: `),Q=Math.max(J.length,X.length),Y=[];for(let Z=0;Z<Q;Z++)J[Z]!==X[Z]&&Y.push(Z);return{lines:Y,numLinesBefore:J.length,numLinesAfter:X.length,numLines:Q}}function G$($){return $==...
L9: `).map((F,U,G)=>{let q=Y?Y(F,U):F;return U===0?`${X}${q}`:U===G.length-1?`${Q}${q}`:`${J}${q}`}).join(`
...
L14: `).slice(Y);this.output.write(Z.join(`
L15: `)),this._prevFrame=$;return}}this.output.write(AD.erase.down())}this.output.write($),this.state==="initial"&&(this.state="active"),this._prevFrame=$}}}function sV0($,D){if($===voi...
L16: `?`${D}█
...
L19: `&&(this._setUserInput(this.userInput.slice(0,this.cursor-1)+this.userInput.slice(this.cursor)),this._cursor--),!0):(this.#$(`
L20: `),this._cursor++,!1)}constructor($){super(
CriticalRemote Asset Decode Execute
Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
dist/src/sdk.jsView on unpkg · L4 131Trigger-reachable chain: manifest.exports -> dist/src/sdk.js
L131: `)}function rS0($){if($)process.env.DEBUG=$;else delete process.env.DEBUG}function oS0(){return process.env.DEBUG}function tS0($){$.inspectOpts={};let D=Object.keys(dd.inspectOpts)...
L132: `).map((D)=>D.trim()).join(" ")};md.O=function($){return this.inspectOpts.colors=this.useColors,p3.inspect($,this.inspectOpts)}});var o3=R((WM$,ZL)=>{if(typeof process>"u"||process...
L133:
L134: see https://github.com/jprichardson/node-fs-extra/issues/269`,"Warning","fs-extra-WARN0001");let{srcStat:X,destStat:Q}=await oZ.checkPaths($,D,"copy",J);if(await oZ.checkParentPath...
L135:
L136: see https://github.com/jprichardson/node-fs-extra/issues/269`,"Warning","fs-extra-WARN0002");let{srcStat:X,destStat:Q}=aZ.checkPathsSync($,D,"copy",J);if(aZ.checkParentPathsSync($,...
L137: `,finalEOL:J=!0,replacer:X=null,spaces:Q}={}){let Y=J?D:"",Z=JSON.stringify($,X,Q);if(Z===void 0)throw TypeError(`Converting ${typeof $} value to JSON is not supported`);return Z.r...
L138: `)];for(let[G,q]of U.entries()){if(X+=q,YW.has(q)){let{groups:H}=new RegExp("(?:\\[(?<code>\\d+)m|\\]8;;(?<uri>.*)\x07)").exec(U.slice(G).join(""))||{groups:{}};if(H.co…
CriticalTrigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/src/sdk.jsView on unpkg · L131 463patternName = private_key_rsa
severity = critical
line = 463
matchedText = `||Y==="...thm.
472patternName = private_key_rsa
severity = critical
line = 472
matchedText = `+" - T...in(`
650patternName = private_key_rsa
severity = critical
line = 650
matchedText = All pack... Y=`
273L274: see https://github.com/jprichardson/node-fs-extra/issues/269`);jF.checkPaths($,D,"copy",(Q,Y)=>{if(Q)return X(Q);let{srcStat:Z,destStat:F}=Y;jF.checkParentPaths($,Z,D,"copy",(U)=>{...
L275: `)}J60.check=qi0;async function Wi0($){var D;if((D=$.app.extConfig.server)===null||D===void 0?void 0:D.url)return null;if(["",".","..","../","./"].includes($.app.webDir))return`"${...
311export default config;
L312: `}});var kH,p9,fE,L60,B60,E60,R60,A60;var hE=s(()=>{kH=B$(M60(),1),p9=B$(eW(),1),fE=kH.loadConfig,L60=kH.writeConfig,B60=p9.findMonorepoRoot,E60=p9.findNXMonorepoRoot,R60=p9.isMono...
L313: `)}var v60=($,D)=>{$.name="$ZodError",Object.defineProperty($,"_zod",{value:$._zod,enumerable:!1}),Object.defineProperty($,"issues",{value:D,enumerable:!1}),$.message=JSON.stringif...
133L134: see https://github.com/jprichardson/node-fs-extra/issues/269`,"Warning","fs-extra-WARN0001");let{srcStat:X,destStat:Q}=await oZ.checkPaths($,D,"copy",J);if(await oZ.checkParentPath...
L135:
L136: see https://github.com/jprichardson/node-fs-extra/issues/269`,"Warning","fs-extra-WARN0002");let{srcStat:X,destStat:Q}=aZ.checkPathsSync($,D,"copy",J);if(aZ.checkParentPathsSync($,...
L137: `,finalEOL:J=!0,replacer:X=null,spaces:Q}={}){let Y=J?D:"",Z=JSON.stringify($,X,Q);if(Z===void 0)throw TypeError(`Converting ${typeof $} value to JSON is not supported`);return Z.r...
L138: `)];for(let[G,q]of U.entries()){if(X+=q,YW.has(q)){let{groups:H}=new RegExp("(?:\\[(?<code>\\d+)m|\\]8;;(?<uri>.*)\x07)").exec(U.slice(G).join(""))||{groups:{}};if(H.code!==void 0)...
...
L146: `);return W=Math.max(W,O.length),O});for(let z in q)if(Z[z])Z[z].push(...H[z],...Array(W-H[z].length).fill(""))}let F=Z.map((q,W)=>{if(W<Y-1){let H=xn(q);return q.map((z,O)=>`${z}$...
L147: `)}vn.columnar=i_0});var bn=R((yn)=>{Object.defineProperty(yn,"__esModule",{value:!0});yn.TERMINAL_INFO=yn.CI_ENVIRONMENT_VARIABLES_DETECTED=yn.CI_ENVIRONMENT_VARIABLES=void 0;var ...
L148: `}cn.enforceLF=Hk0;function zk0($,D=
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/src/sdk.jsView on unpkg · L133 131`)}function rS0($){if($)process.env.DEBUG=$;else delete process.env.DEBUG}function oS0(){return process.env.DEBUG}function tS0($){$.inspectOpts={};let D=Object.keys(dd.inspectOpts)...
L132: `).map((D)=>D.trim()).join(" ")};md.O=function($){return this.inspectOpts.colors=this.useColors,p3.inspect($,this.inspectOpts)}});var o3=R((WM$,ZL)=>{if(typeof process>"u"||process...
L133:
L134: see https://github.com/jprichardson/node-fs-extra/issues/269`,"Warning","fs-extra-WARN0001");let{srcStat:X,destStat:Q}=await oZ.checkPaths($,D,"copy",J);if(await oZ.checkParentPath...
L135:
L136: see https://github.com/jprichardson/node-fs-extra/issues/269`,"Warning","fs-extra-WARN0002");let{srcStat:X,destStat:Q}=aZ.checkPathsSync($,D,"copy",J);if(aZ.checkParentPathsSync($,...
L137: `,finalEOL:J=!0,replacer:X=null,spaces:Q}={}){let Y=J?D:"",Z=JSON.stringify($,X,Q);if(Z===void 0)throw TypeError(`Converting ${typeof $} value to JSON is not supported`);return Z.r...
L138: `)];for(let[G,q]of U.entries()){if(X+=q,YW.has(q)){let{groups:H}=new RegExp("(?:\\[(?<code>\\d+)m|\\]8;;(?<uri>.*)\x07)").exec(U.slice(G).join(""))||{groups:{}};if(H.code!==void 0)...
...
L146: `);return W=Math.max(W,O.length),O})
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/src/sdk.jsView on unpkg · L131 125`)}),D}});var vm=R((Rw$,xm)=>{var I9=a("constants"),XP0=process.cwd,P3=null,QP0=process.env.GRACEFUL_FS_PLATFORM||process.platform;process.cwd=function(){if(!P3)P3=XP0.call(process...
L126: GFS4: `),console.error($)};if(!A1[GD]){if(fM=global[GD]||[],bm(A1,fM),A1.close=function($){function D(J,X){return $.call(A1,J,function(Q){if(!Q)hm();if(typeof X==="function")X.appl...
L127: `)}}});var OX=s(()=>{Pd()});async function l3($){try{let J=`https://registry.npmjs.org/${encodeURIComponent($.toLowerCase())}`,X=await fetch(J,{headers:{accept:"application/vnd.npm...
HighObfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/src/sdk.jsView on unpkg · L125 108${L}`}});var Ff=R((Yf)=>{Object.defineProperty(Yf,"__esModule",{value:!0});Yf.WebAuthnUnknownError=Yf.WebAuthnError=void 0;Yf.isWebAuthnError=_B0;Yf.identifyRegistrationError=kB0;Y...
L109: `);let M=await K.signMessage(new TextEncoder().encode(z),"utf8");if(!M||!(M instanceof Uint8Array))throw Error("@supabase/auth-js: Wallet signMessage() API returned an recognized v...
L110: `)!=-1,X=this._styles,Q=X.length;while(Q--){var Y=d7[X[Q]];if(D=Y.open+D.replace(Y.closeRe,Y.open)+Y.close,J)D=D.replace(_20,function(Z){return Y.close+Z+Y.open})}return D}V$.setTh...
MediumDynamic Require
Package source references dynamic require/import behavior.
dist/src/sdk.jsView on unpkg · L108 4`){if(Y)X+=O_("");let z=Q?H_(Q):void 0;if(Q&&z)X+=z_(z)}else if(H===`
L5: `){if(Q&&H_(Q))X+=z_(Q);if(Y)X+=O_(Y)}}return X},lV0;var jN=s(()=>{EN();IN=`${mV0}8;;`,W_=new RegExp(`(?:\\${K_}(?<code>\\d+)m|\\${IN}(?<uri>.*)${AN})`,"y"),lV0=/\r?\n/});var U1=R(...
L6: `),Y=0,Z=$;for(let U of Q){if(Z<=U.length)break;Z-=U.length+1,Y++}for(Y=Math.max(0,Math.min(Q.length-1,Y+J)),Z=Math.min(Z,Q[Y].length)+D;Z<0&&Y>0;)Y--,Z+=Q[Y].length+1;for(;Z>Q[Y]....
L7: `),X=D.split(`
L8: `),Q=Math.max(J.length,X.length),Y=[];for(let Z=0;Z<Q;Z++)J[Z]!==X[Z]&&Y.push(Z);return{lines:Y,numLinesBefore:J.length,numLinesAfter:X.length,numLines:Q}}function G$($){return $==...
L9: `).map((F,U,G)=>{let q=Y?Y(F,U):F;return U===0?`${X}${q}`:U===G.length-1?`${Q}${q}`:`${J}${q}`}).join(`
...
L14: `).slice(Y);this.output.write(Z.join(`
L15: `)),this._prevFrame=$;return}}this.output.write(AD.erase.down())}this.output.write($),this.state==="initial"&&(this.state="active"),this._prevFrame=$}}}function sV0($,D){if($===voi...
L16: `?`${D}█
...
L19: `&&(this._setUserInput(this.userInput.slice(0,this.cursor-1)+this.userInput.slice(this.cursor)),this._cursor--),!0):(this.#$(`
L20: `),this._cursor++,!1)}constructor($){super(
LowWeak Crypto
Package source references weak cryptographic algorithms.
dist/src/sdk.jsView on unpkg · L4