registry  /  @dodoex/wallet-web3  /  0.6.4

@dodoex/wallet-web3@0.6.4

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
Manifest
CopyleftLicense
scanned 78 file(s), 10.8 MB of source, external domains: 127.0.0.1, 5irescan.io, abitype.dev, accountkit.alchemy.com, addons.mozilla.org, affectionate-immediate-pollux.explorer.mainnet.skalenodes.com, agung-testnet.subscan.io, alfajores-forno.celo-testnet.org, alpha-rpc-node-http.svmscan.io, alpha-rpc.scroll.io, alpha-zkrollup-rpc.lumoz.org, ancient8.gg, andromeda-explorer.metis.io, andromeda.metis.io, anvm.io, api-debug.particle.network, api-era.zksync.network, api-goerli.etherscan.io, api-holesky.fraxscan.com, api-moonbeam.moonscan.io, api-moonriver.moonscan.io, api-nova.arbiscan.io, api-optimistic.etherscan.io, api-sepolia.basescan.org, api-sepolia.etherscan.io, api-testnet.snowscan.xyz, api-zkevm.polygonscan.com, api.arbiscan.io, api.avax-test.network, api.avax.network, api.baobab.klaytn.net, api.basescan.org, api.blocto.app, api.bscscan.com, api.bttcscan.com, api.calibration.node.glif.io, api.cronoscan.com, api.developer.coinbase.com, api.devnet.solana.com, api.elastos.io, api.etherscan.io, api.evm.eosnetwork.com, api.explorer.execution.mainnet.lukso.network, api.fraxscan.com, api.ftmscan.com, api.g.alchemy.com, api.gnosisscan.io, api.harmony.one, api.hyperspace.node.glif.io, api.kroma.network

Source & flagged code

4 flagged · loading source
dist/index-227927b5.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = import{J...4-n)
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index-227927b5.jsView on unpkg · L1
dist/index-02e42cd2.jsView file
16/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ L17: Object.defineProperty(A,"__esModule",{value:!0}),A.randomBytes=A.wrapConstructorWithOpts=A.wrapConstructor=A.checkOpts=A.Hash=A.concatBytes=A.toBytes=A.utf8ToBytes=A.asyncLoop=A.ne...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index-02e42cd2.jsView on unpkg · L16
dist/alchemy-websocket-provider-213da986-2d698146.jsView file
1import{aN as e,aT as t,aI as s,aU as n,aV as i,aW as o,aX as r,aH as c,aY as l,aZ as a,a_ as h,a$ as u,B as d,b0 as f,b1 as p,aM as m,aQ as b}from"./index-227927b5.js";import{A as ...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/alchemy-websocket-provider-213da986-2d698146.jsView on unpkg · L1
dist/cjs/index-85a2526e.cjsView file
1patternName = generic_password severity = medium line = 1 matchedText = "use str...4-n)
Medium
Secret Pattern

Hardcoded password in dist/cjs/index-85a2526e.cjs

dist/cjs/index-85a2526e.cjsView on unpkg · L1

Findings

1 High7 Medium6 Low
HighObfuscated
MediumSecret Patterndist/index-227927b5.js
MediumDynamic Requiredist/alchemy-websocket-provider-213da986-2d698146.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/cjs/index-85a2526e.cjs
LowScripts Present
LowEvaldist/index-02e42cd2.js
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowCopyleft License