registry  /  @ecency/sdk  /  2.3.30

@ecency/sdk@2.3.30

⚠ Under review

Ecency SDK

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 883 KB of source, external domains: api.c0ff33a.uk, api.coingecko.com, api.deathwing.me, api.hive.blog, api.openhive.network, api.syncad.com, ecency.com, hapi.ecency.com, hiveapi.actifit.io, hiveposh.com, i.ecency.com, pl.ecency.com, poll.ecency.com, raw.githubusercontent.com, rpc.mahdiyari.info, spk.good-karma.xyz, studio.3speak.tv, techcoderx.com

Source & flagged code

2 flagged · loading source
dist/browser/index.jsView file
1import {QueryClient,useQuery,useInfiniteQuery,useMutation,queryOptions,infiniteQueryOptions,useQueryClient}from'@tanstack/react-query';import {hexToBytes,bytesToHex}from'@noble/has... L2: `).filter(Boolean))},staleTime:1440*60*1e3,gcTime:1/0})}var LI=1.1,Xl=(r=>(r.NUMBER_OF_VOTES="number_of_votes",r.TOKENS="tokens",r))(Xl||{});function WI(e){return e?e.map((t,r)=>({...
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/browser/index.jsView on unpkg · L1
dist/node/index.cjsView file
1Trigger-reachable chain: manifest.main -> dist/node/index.cjs L1: 'use strict';var reactQuery=require('@tanstack/react-query'),utils_js=require('@noble/hashes/utils.js'),legacy_js=require('@noble/hashes/legacy.js'),Nr=require('bs58'),secp256k1_js... L2: `).filter(Boolean))},staleTime:1440*60*1e3,gcTime:1/0})}var FI=1.1,zl=(r=>(r.NUMBER_OF_VOTES="number_of_votes",r.TOKENS="tokens",r))(zl||{});function KI(e){return e?e.map((t,r)=>({...
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/node/index.cjsView on unpkg · L1

Findings

2 Critical3 Medium4 Low
CriticalCredential Exfiltrationdist/browser/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/node/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings