registry  /  @ecency/sdk  /  2.3.31

@ecency/sdk@2.3.31

⚠ Under review

Ecency SDK

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 863 KB of source, external domains: api.c0ff33a.uk, api.coingecko.com, api.deathwing.me, api.hive.blog, api.openhive.network, api.syncad.com, ecency.com, hapi.ecency.com, hiveapi.actifit.io, hiveposh.com, i.ecency.com, pl.ecency.com, poll.ecency.com, raw.githubusercontent.com, rpc.mahdiyari.info, studio.3speak.tv, techcoderx.com

Source & flagged code

2 flagged · loading source
dist/browser/index.jsView file
1import {QueryClient,useQuery,useInfiniteQuery,useMutation,queryOptions,infiniteQueryOptions,useQueryClient}from'@tanstack/react-query';import {hexToBytes,bytesToHex}from'@noble/has... L2: `).filter(Boolean))},staleTime:1440*60*1e3,gcTime:1/0})}var IK=1.1,Il=(r=>(r.NUMBER_OF_VOTES="number_of_votes",r.TOKENS="tokens",r))(Il||{});function DK(e){return e?e.map((t,r)=>({...
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/browser/index.jsView on unpkg · L1
dist/node/index.cjsView file
1Trigger-reachable chain: manifest.main -> dist/node/index.cjs L1: 'use strict';var reactQuery=require('@tanstack/react-query'),utils_js=require('@noble/hashes/utils.js'),legacy_js=require('@noble/hashes/legacy.js'),Fr=require('bs58'),secp256k1_js... L2: `).filter(Boolean))},staleTime:1440*60*1e3,gcTime:1/0})}var AK=1.1,ql=(r=>(r.NUMBER_OF_VOTES="number_of_votes",r.TOKENS="tokens",r))(ql||{});function OK(e){return e?e.map((t,r)=>({...
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/node/index.cjsView on unpkg · L1

Findings

2 Critical3 Medium4 Low
CriticalCredential Exfiltrationdist/browser/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/node/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings