registry  /  @dcrays/dcgchat-test  /  0.6.10

@dcrays/dcgchat-test@0.6.10

书灵墨宝Channel插件

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.39 MB of source, external domains: github.com, goo.gl, registry.npmjs.org, sts.aliyuncs.com, www.w3.org

Source & flagged code

4 flagged · loading source
index.jsView file
39`+t.prev+t.base;return r+Jr.call(e,","+r)+` L40: `+t.prev}function Kl(e,t){var r=ng(e),n=[];if(r){n.length=e.length;for(var i=0;i<e.length;i++)n[i]=En(e,i)?t(e[i],e):""}var s=typeof Qm=="function"?Qm(e):[],o;if(co){o={};for(var a... L41: `}return s}});var XO=_((ile,VO)=>{"use strict";var st=z("util").debuglog("formstream"),Oz=z("stream"),Az=z("crypto"),Iz=PO(),Rz=z("util"),wp=fc(),GO=z("path"),qz=z("fs"),Pz=zO(),oi...
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L39
24`},headless:!1,chunkSize:1e4,emptyTag:"",cdata:!1}}}).call(Sm)});var Kr=_((M1,Jn)=>{(function(){var e,t,r,n,i,s,o,a=[].slice,c={}.hasOwnProperty;e=function(){var u,l,f,p,d,h;if(h=a... L25: `,g.offset=(q=b.offset)!=null?q:0,g.dontPrettyTextNodes=(T=(w=b.dontPrettyTextNodes)!=null?w:b.dontprettytextnodes)!=null?T:0,g.spaceBeforeSlash=(O=(I=b.spaceBeforeSlash)!=null?I:b... L26: `||C==="\r"||C===" "}function y(C){return C==='"'||C==="'"}function k(C){return C===">"||g(C)}function q(C,x){return C.test(x)}function T(C,x){return!q(C,x)}var w=0;e.STATE={BEGIN:... ... L33: `?(x.line++,x.column=0):x.column++);x.textNode+=C.substring(ce,V-1)}F==="<"&&!(x.sawRoot&&x.closedRoot&&!x.strict)?(x.state=w.OPEN_WAKA,x.startTagPosition=x.position):(!g(F)&&(!x.s... L34: `?(x.line++,x.column=0):x.column++);x.cdata+=C.substring(ce,V-1),F==="]"&&(x.state=w.CDATA_ENDING);continue;case w.CDATA_ENDING:F==="]"?x.state=w.CDATA_ENDING_2:(x.cdata+="]"+F,x.s... L35: GFS4: `),console.error(e)});Ye[Pt]||(YE=global[Pt]||[],ZE(Ye,YE),Ye.close=(function(e){function t(r,n){return e.call(Ye,r,function(i){i||QE(),typeof n=="function"&&n.apply(this,arg... ... L39: `+t.prev+t.base;return r+Jr.call(e,","+r)+` L40: `+t.
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

index.jsView on unpkg · L24
95https://help.aliyun.com/document_detail/32069.html`);return i.stream&&(i.stream=null,a.stream=null),{name:t,etag:u.res.headers.etag,res:u.res}}});var J8=_((Wfe,X8)=>{X8.exports=fun... L96: <Style><Content>${i}</Content></Style>`;let a=await this.ossClient.request(o);return a=await this._parseResponse(a),{res:a.res,data:a.data}},t.prototype.getStyle=async function(n,i... L97: [%s][pid: %s][%s][%s] %s: %s ... L100: %s`,t.join(` L101: `)),console.error()}}});var c4=_((Vfe,a4)=>{"use strict";var _v=z("os"),cJ=z("fs"),uJ=z("child_process"),lJ="/etc/resolv.conf";function o4(){var e="eth",t=_v.platform();return t===... L102: `),i=0;i<n.length;i++){var s=n[i].trimRight(),o=n4.exec(s)||i4.exec(s);if(o){var a=o[1];if(a.indexOf(t)===0){var c=null,u=null,l=s4.exec(s);for(l&&(u=l[1]),i++;;){if(s=n[i],!s||n4.... L103: `),o=0;o<s.length;o++){var a=s[o].trim(),c=hJ.exec(a);c&&i.push(c[1])}t(null,i)})};a4.exports=nr});var p4=_((Xfe,l4)=>{var u4=t4(),mJ=z("util"),gJ=wv(),yJ=br(),vJ=c4().ip(),bJ="rou... L104: raw xml: ${i}`,a.status=t.status,a.requestId=t.headers&&t.headers["x-oss-request-id"],a}let o=s.Message||`unknow request error, status: ${t.status}`;return s.Condition&&(o+=` (cond... ... L
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

index.jsView on unpkg · L95
115see https://github.com/jprichardson/node-fs-extra/issues/269`,"Warning","fs-extra-WARN0002");let{srcStat:n,destStat:i}=nu.checkPathsSync(e,t,"copy",r);if(nu.checkParentPathsSync(e,... L116: `,finalEOL:r=!0,replacer:n=null,spaces:i}={}){let s=r?t:"",o=JSON.stringify(e,n,i);if(o===void 0)throw new TypeError(`Converting ${typeof e} value to JSON is not supported`);return... L117:
Low
Eval

Package source references a known benign dynamic code generation pattern.

index.jsView on unpkg · L115

Findings

5 High3 Medium4 Low
HighChild Processindex.js
HighShell
HighSame File Env Network Executionindex.js
HighCommand Output Exfiltrationindex.js
HighObfuscated
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowEvalindex.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings