registry  /  @everymatrix/merkurbetsdk-pin-reset-wc  /  1.0.0

@everymatrix/merkurbetsdk-pin-reset-wc@1.0.0

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
Manifest
NoLicense
scanned 1 file(s), 919 KB of source, external domains: dummy.com, fallback.com, inlang.com, json-schema.org, radix-ui.com, www.w3.org

Source & flagged code

1 flagged · loading source
dist/build-pin-reset-wc.jsView file
152focus:[-moz-autofill]:[-moz-text-fill-color:var(--color-text-input)]! caret-[var(--color-text-input)] L153: autofill:![caret-color:var(--color-text-input)] [:-moz-autofill]:![caret-color:var(--color-text-input)]`,{"pl-10":!!h,"pr-10":!!x,"opacity-40 cursor-not-allowed":a},t),suffixIcon:X... L154: /*! tailwindcss v4.2.1 | MIT License | https://tailwindcss.com */
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/build-pin-reset-wc.jsView on unpkg · L152

Findings

1 High3 Medium5 Low
HighObfuscated Payload Loaderdist/build-pin-reset-wc.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License