1import{createRequire as SU}from"node:module";var wU=Object.defineProperty;var CU=($)=>$;function PU($,W){this[$]=CU.bind(null,W)}var U9=($,W)=>{for(var Z in W)wU($,Z,{get:W[Z],enum...
L2: `,"utf8"),m_()}function HZ(){return M0().telemetryOptOut}function d_($,W={}){f1({...M0(),telemetryOptOut:$},W)}function l_(){return M0().autoUpdateEnabled}function p_($,W={}){f1({....
L3: `)}function bT($){if(!$||$.length===0)return[];let W=[];for(let Z of $){let Q=yT(Z);if(Q)W.push(Q)}return W}function yT($){let W=$.trim();if(!W)return;let Z=W.match(/^data:([^;,]+)...
L4: `),J}finally{R5.delete($.lockDir),lz($)}}function q1($,W,Z={}){let Q=pz($,Z);return cV(Q,$,W)}async function E5($,W,Z={}){let Q=await rz($,Z);return cV(Q,$,W)}function iz($){let W=...
L5: <html lang="en">
...
L44: </body>
L45: </html>`;function jj($){let W="";for(let Z=0;Z<$.length;Z+=1)W+=String.fromCharCode($[Z]??0);return btoa(W).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var zZ=Sf();function qZ($,W,Z){if(typeof $==="number"&&$>0)return $;if(Z){let Q=process.env[Z];if(Q){let J=Number(Q);if(Number.isInteger(J)&&J>0)return J}}return W}async functi...
CriticalCredential Exfiltration
Source appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L1 1Trigger-reachable chain: manifest.main -> dist/index.js
L1: import{createRequire as SU}from"node:module";var wU=Object.defineProperty;var CU=($)=>$;function PU($,W){this[$]=CU.bind(null,W)}var U9=($,W)=>{for(var Z in W)wU($,Z,{get:W[Z],enum...
L2: `,"utf8"),m_()}function HZ(){return M0().telemetryOptOut}function d_($,W={}){f1({...M0(),telemetryOptOut:$},W)}function l_(){return M0().autoUpdateEnabled}function p_($,W={}){f1({....
L3: `)}function bT($){if(!$||$.length===0)return[];let W=[];for(let Z of $){let Q=yT(Z);if(Q)W.push(Q)}return W}function yT($){let W=$.trim();if(!W)return;let Z=W.match(/^data:([^;,]+)...
L4: `),J}finally{R5.delete($.lockDir),lz($)}}function q1($,W,Z={}){let Q=pz($,Z);return cV(Q,$,W)}async function E5($,W,Z={}){let Q=await rz($,Z);return cV(Q,$,W)}function iz($){let W=...
L5: <html lang="en">
...
L44: </body>
L45: </html>`;function jj($){let W="";for(let Z=0;Z<$.length;Z+=1)W+=String.fromCharCode($[Z]??0);return btoa(W).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var zZ=Sf();function qZ($,W,Z){if(typeof $==="number"&&$>0)return $;if(Z){let Q=process.env[Z];if(Q){let J=Number(Q);if(Number.isInteger(J)&&J>0)return J}}…
CriticalTrigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L1 44</body>
L45: </html>`;function jj($){let W="";for(let Z=0;Z<$.length;Z+=1)W+=String.fromCharCode($[Z]??0);return btoa(W).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var zZ=Sf();function qZ($,W,Z){if(typeof $==="number"&&$>0)return $;if(Z){let Q=process.env[Z];if(Q){let J=Number(Q);if(Number.isInteger(J)&&J>0)return J}}return W}async functi...
HighChild Process
Package source references child process execution.
dist/index.jsView on unpkg · L44 44</body>
L45: </html>`;function jj($){let W="";for(let Z=0;Z<$.length;Z+=1)W+=String.fromCharCode($[Z]??0);return btoa(W).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var zZ=Sf();function qZ($,W,Z){if(typeof $==="number"&&$>0)return $;if(Z){let Q=process.env[Z];if(Q){let J=Number(Q);if(Number.isInteger(J)&&J>0)return J}}return W}async functi...
44</body>
L45: </html>`;function jj($){let W="";for(let Z=0;Z<$.length;Z+=1)W+=String.fromCharCode($[Z]??0);return btoa(W).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var zZ=Sf();function qZ($,W,Z){if(typeof $==="number"&&$>0)return $;if(Z){let Q=process.env[Z];if(Q){let J=Number(Q);if(Number.isInteger(J)&&J>0)return J}}return W}async functi...
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L44 44</body>
L45: </html>`;function jj($){let W="";for(let Z=0;Z<$.length;Z+=1)W+=String.fromCharCode($[Z]??0);return btoa(W).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var zZ=Sf();function qZ($,W,Z){if(typeof $==="number"&&$>0)return $;if(Z){let Q=process.env[Z];if(Q){let J=Number(Q);if(Number.isInteger(J)&&J>0)return J}}return W}async functi...
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L44 3`)}function bT($){if(!$||$.length===0)return[];let W=[];for(let Z of $){let Q=yT(Z);if(Q)W.push(Q)}return W}function yT($){let W=$.trim();if(!W)return;let Z=W.match(/^data:([^;,]+)...
L4: `),J}finally{R5.delete($.lockDir),lz($)}}function q1($,W,Z={}){let Q=pz($,Z);return cV(Q,$,W)}async function E5($,W,Z={}){let Q=await rz($,Z);return cV(Q,$,W)}function iz($){let W=...
L5: <html lang="en">
MediumDynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L3 1import{createRequire as SU}from"node:module";var wU=Object.defineProperty;var CU=($)=>$;function PU($,W){this[$]=CU.bind(null,W)}var U9=($,W)=>{for(var Z in W)wU($,Z,{get:W[Z],enum...
L2: `,"utf8"),m_()}function HZ(){return M0().telemetryOptOut}function d_($,W={}){f1({...M0(),telemetryOptOut:$},W)}function l_(){return M0().autoUpdateEnabled}function p_($,W={}){f1({....
L3: `)}function bT($){if(!$||$.length===0)return[];let W=[];for(let Z of $){let Q=yT(Z);if(Q)W.push(Q)}return W}function yT($){let W=$.trim();if(!W)return;let Z=W.match(/^data:([^;,]+)...
L4: `),J}finally{R5.delete($.lockDir),lz($)}}function q1($,W,Z={}){let Q=pz($,Z);return cV(Q,$,W)}async function E5($,W,Z={}){let Q=await rz($,Z);return cV(Q,$,W)}function iz($){let W=...
L5: <html lang="en">
...
L44: </body>
L45: </html>`;function jj($){let W="";for(let Z=0;Z<$.length;Z+=1)W+=String.fromCharCode($[Z]??0);return btoa(W).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var zZ=Sf();function qZ($,W,Z){if(typeof $==="number"&&$>0)return $;if(Z){let Q=process.env[Z];if(Q){let J=Number(Q);if(Number.isInteger(J)&&J>0)return J}}return W}async functi...
LowWeak Crypto
Package source references weak cryptographic algorithms.
dist/index.jsView on unpkg · L1