registry  /  @easbot/utils  /  0.2.48

@easbot/utils@0.2.48

Shared utilities library for EASBOT ecosystem

Static Scan Results

scanned 8h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 24 file(s), 491 KB of source, external domains: nodejs.org, yarnpkg.com

Source & flagged code

6 flagged · loading source
dist/chunks/main-ZMRSNK7G.mjsView file
62of "package.json" is used by esbuild to install the correct binary executable L63: for your current platform.`)}throw o}}if(/\.zip\//.test(n)){let o;try{o=a("pnpapi");}catch{}if(o){let s=o.getPackageInformation(o.topLevel).packageLocation,a=ne.join(s,"node_module... L64:
High
Child Process

Package source references child process execution.

dist/chunks/main-ZMRSNK7G.mjsView on unpkg · L62
dist/index.cjsView file
1'use strict';var chunkYPKMFQLR_cjs=require('./chunks/chunk-YPKMFQLR.cjs'),chunkPYCQUF3V_cjs=require('./chunks/chunk-PYCQUF3V.cjs'),chunkWWPI6PC4_cjs=require('./chunks/chunk-WWPI6PC... L2: Full ${u} saved to: ${l}
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.cjsView on unpkg · L1
1'use strict';var chunkYPKMFQLR_cjs=require('./chunks/chunk-YPKMFQLR.cjs'),chunkPYCQUF3V_cjs=require('./chunks/chunk-PYCQUF3V.cjs'),chunkWWPI6PC4_cjs=require('./chunks/chunk-WWPI6PC... L2: Full ${u} saved to: ${l} ... L11: L12: ${se}`,truncated:true,outputPath:G,originalLength:l.length,removedLength:de,label:E}}p.truncate=a;function i(l){return l.truncated?s(l.outputPath,l.label):""}p.formatHint=i;async f... L13: ${s.stderr}`),{stdout:a.stdout,stderr:a.stderr,exitCode:a.exitCode});return a},o=r();return Object.defineProperty(o,"stdin",{get(){throw new Error("stdin is not yet supported in Ea...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.cjsView on unpkg · L1
1Cross-file remote execution chain: dist/index.cjs spawns dist/chunks/chunk-AHO55TRS.cjs; helper contains network access plus dynamic code execution. L1: 'use strict';var chunkYPKMFQLR_cjs=require('./chunks/chunk-YPKMFQLR.cjs'),chunkPYCQUF3V_cjs=require('./chunks/chunk-PYCQUF3V.cjs'),chunkWWPI6PC4_cjs=require('./chunks/chunk-WWPI6PC... L2: Full ${u} saved to: ${l} ... L11: L12: ${se}`,truncated:true,outputPath:G,originalLength:l.length,removedLength:de,label:E}}p.truncate=a;function i(l){return l.truncated?s(l.outputPath,l.label):""}p.formatHint=i;async f... L13: ${s.stderr}`),{stdout:a.stdout,stderr:a.stderr,exitCode:a.exitCode});return a},o=r();return Object.defineProperty(o,"stdin",{get(){throw new Error("stdin is not yet supported in Ea... L14: `),A=F.length>0?F[0]?.trim():null;if(A){X.set(h,A),T(A);return}}X.set(h,null),T(null);}),setTimeout(()=>{I.kill(),X.set(h,null),T(null);},5e3);})}catch{return X.set(h,null),null}}_... L15: `),I=T.length>0?T[0]?.trim():null;if(I)return X.set(h,I),I}}catch{}return X.set(h,null),null}_.whichSync=r;function o(){X.clear();}_.clearWhichCache=o;let s=module$1.createRequire(... L16: `).filter(d=>d.trim()&&!d.startsWith("#")))):["/bin/bash","/bi…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.cjsView on unpkg · L1
1'use strict';var chunkYPKMFQLR_cjs=require('./chunks/chunk-YPKMFQLR.cjs'),chunkPYCQUF3V_cjs=require('./chunks/chunk-PYCQUF3V.cjs'),chunkWWPI6PC4_cjs=require('./chunks/chunk-WWPI6PC... L2: Full ${u} saved to: ${l} ... L11: L12: ${se}`,truncated:true,outputPath:G,originalLength:l.length,removedLength:de,label:E}}p.truncate=a;function i(l){return l.truncated?s(l.outputPath,l.label):""}p.formatHint=i;async f... L13: ${s.stderr}`),{stdout:a.stdout,stderr:a.stderr,exitCode:a.exitCode});return a},o=r();return Object.defineProperty(o,"stdin",{get(){throw new Error("stdin is not yet supported in Ea... L14: `),A=F.length>0?F[0]?.trim():null;if(A){X.set(h,A),T(A);return}}X.set(h,null),T(null);}),setTimeout(()=>{I.kill(),X.set(h,null),T(null);},5e3);})}catch{return X.set(h,null),null}}_... L15: `),I=T.length>0?T[0]?.trim():null;if(I)return X.set(h,I),I}}catch{}return X.set(h,null),null}_.whichSync=r;function o(){X.clear();}_.clearWhichCache=o;let s=module$1.createRequire(... L16: `).filter(d=>d.trim()&&!d.startsWith("#")))):["/bin/bash","/bin/zsh","/bin/sh"]}function p(f,d){if(f&&(!d?.acceptable||o(f))){let y=a(f);if(y)return y}return process.platform==="wi... L17: [[ -f ~/.zshenv ]] && s
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.cjsView on unpkg · L1
1'use strict';var chunkYPKMFQLR_cjs=require('./chunks/chunk-YPKMFQLR.cjs'),chunkPYCQUF3V_cjs=require('./chunks/chunk-PYCQUF3V.cjs'),chunkWWPI6PC4_cjs=require('./chunks/chunk-WWPI6PC... L2: Full ${u} saved to: ${l} ... L11: L12: ${se}`,truncated:true,outputPath:G,originalLength:l.length,removedLength:de,label:E}}p.truncate=a;function i(l){return l.truncated?s(l.outputPath,l.label):""}p.formatHint=i;async f... L13: ${s.stderr}`),{stdout:a.stdout,stderr:a.stderr,exitCode:a.exitCode});return a},o=r();return Object.defineProperty(o,"stdin",{get(){throw new Error("stdin is not yet supported in Ea... L14: `),A=F.length>0?F[0]?.trim():null;if(A){X.set(h,A),T(A);return}}X.set(h,null),T(null);}),setTimeout(()=>{I.kill(),X.set(h,null),T(null);},5e3);})}catch{return X.set(h,null),null}}_... L15: `),I=T.length>0?T[0]?.trim():null;if(I)return X.set(h,I),I}}catch{}return X.set(h,null),null}_.whichSync=r;function o(){X.clear();}_.clearWhichCache=o;let s=module$1.createRequire(... L16: `).filter(d=>d.trim()&&!d.startsWith("#")))):["/bin/bash","/bin/zsh","/bin/sh"]}function p(f,d){if(f&&(!d?.acceptable||o(f))){let y=a(f);if(y)return y}return process.platform==="wi... L17: [[ -f ~/.zshenv ]] && s
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.cjsView on unpkg · L1

Findings

4 High4 Medium6 Low
HighChild Processdist/chunks/main-ZMRSNK7G.mjs
HighSame File Env Network Executiondist/index.cjs
HighCommand Output Exfiltrationdist/index.cjs
HighCross File Remote Execution Contextdist/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.cjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings