1#!/usr/bin/env node
L2: var gr=Object.create;var{getPrototypeOf:yr,defineProperty:Qq,getOwnPropertyNames:hr}=Object;var mr=Object.prototype.hasOwnProperty;var SD=(D,F,$)=>{$=D!=null?gr(yr(D)):{};let B=F||...
L3: `)}displayWidth(D){return iP(D).length}styleTitle(D){return D}styleUsage(D){return D.split(" ").map((F)=>{if(F==="[options]")return this.styleOptionText(F);if(F==="[command]")retur...
...
L13: (Did you mean one of ${B.join(", ")}?)`;if(B.length===1)return`
L14: (Did you mean ${B[0]}?)`;return""}tP.suggestSimilar=Qa});var $w=JD((Cq)=>{var Ga=require("node:events").EventEmitter,Lq=require("node:child_process"),wF=require("node:path"),qG=req...
L15: - specify the name in Command constructor or using .name()`);if(F=F||{},F.isDefault)this._defaultCommandName=D._name;if(F.noHelp||F.hidden)D._hidden=!0;return this._registerCommand...
...
L28: `);let B;while((B=Ra.exec($))!=null){let U=B[1],J=B[2]||"";J=J.trim();let X=J[0];if(J=J.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),X==='"')J=J.replace(/\\n/g,`
L29: `),J=J.replace(/\\r/g,"\r");F[U]=J}return F}function Pa(D){D=D||{};let F=Lw(D);D.path=F;let $=d6.configDotenv(D);if(!$.parsed){let X=Error(`MISSING_DATA: Cannot parse ${F} for an
CriticalGlobal Object Hijack Exfiltration
Source reassigns a global/builtin to a Proxy that forwards intercepted runtime data to an external endpoint.
dist/cli.bundle.cjsView on unpkg · L1 20Trigger-reachable chain: manifest.bin -> bin/entry.cjs -> dist/cli.bundle.cjs
L20: - if the default executable name is not suitable, use the executableFile option to supply a custom name or path
L21: - ${B}`;throw Error(U)}_executeSubCommand(D,F){F=F.slice();let $=!1,B=[".js",".ts",".tsx",".mjs",".cjs"];function U(Z,H){let E=wF.resolve(Z,H);if(qG.existsSync(E))return E;if(B.inc...
L22: `,this._outputConfiguration.writeErr),typeof this._showHelpAfterError==="string")this._outputConfiguration.writeErr(`${this._showHelpAfterError}
...
L24: `),this.outputHelp({error:!0});let $=F||{},B=$.exitCode||1,U=$.code||"commander.error";this._exit(B,U,D)}_parseOptionsEnv(){this.options.forEach((D)=>{if(D.envVar&&D.envVar in b0.e...
L25: `),this._exit(0,"commander.version",D)}),this}description(D,F){if(D===void 0&&F===void 0)return this._description;if(this._description=D,F)this._argsDescription=F;return this}summa...
L26: Expecting one of '${$.join("', '")}'`);let B=`${D}Help`;return this.on(B,(U)=>{let J;if(typeof F==="function")J=F({error:U.error,command:U.command});else J=F;if(J)U.write(`${J}
...
L34: `)}get width(){return this.toString().split(`
L35: `)[0].length}}qN.reset=()=>bF.reset();fun…
CriticalTrigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.bundle.cjsView on unpkg · L20 13(Did you mean one of ${B.join(", ")}?)`;if(B.length===1)return`
L14: (Did you mean ${B[0]}?)`;return""}tP.suggestSimilar=Qa});var $w=JD((Cq)=>{var Ga=require("node:events").EventEmitter,Lq=require("node:child_process"),wF=require("node:path"),qG=req...
L15: - specify the name in Command constructor or using .name()`);if(F=F||{},F.isDefault)this._defaultCommandName=D._name;if(F.noHelp||F.hidden)D._hidden=!0;return this._registerCommand...
HighChild Process
Package source references child process execution.
dist/cli.bundle.cjsView on unpkg · L13 20- if the default executable name is not suitable, use the executableFile option to supply a custom name or path
L21: - ${B}`;throw Error(U)}_executeSubCommand(D,F){F=F.slice();let $=!1,B=[".js",".ts",".tsx",".mjs",".cjs"];function U(Z,H){let E=wF.resolve(Z,H);if(qG.existsSync(E))return E;if(B.inc...
L22: `,this._outputConfiguration.writeErr),typeof this._showHelpAfterError==="string")this._outputConfiguration.writeErr(`${this._showHelpAfterError}
...
L28: `);let B;while((B=Ra.exec($))!=null){let U=B[1],J=B[2]||"";J=J.trim();let X=J[0];if(J=J.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),X==='"')J=J.replace(/\\n/g,`
L29: `),J=J.replace(/\\r/g,"\r");F[U]=J}return F}function Pa(D){D=D||{};let F=Lw(D);D.path=F;let $=d6.configDotenv(D);if(!$.parsed){let X=Error(`MISSING_DATA: Cannot parse ${F} for an u...
L30: `).reduce(function(U,J){return cj(J)>U?cj(J):U},0)}function CX(D,F){return Array(F+1).join(D)}function W0D(D,F,$,B){let U=l1(D);if(F+1>=U){let J=F-U;switch(B){case"right":{D=CX($,J...
...
L34: `)}get width(){return this.toString().split(`
L35: `)[0].length}}qN.reset=()=>bF.reset();function KN(D,F,$){let B=[];D.forEach(function(J){B.push(J.draw(F))});let U=B.join("");if(U.length)$.pu
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.bundle.cjsView on unpkg · L20 20- if the default executable name is not suitable, use the executableFile option to supply a custom name or path
L21: - ${B}`;throw Error(U)}_executeSubCommand(D,F){F=F.slice();let $=!1,B=[".js",".ts",".tsx",".mjs",".cjs"];function U(Z,H){let E=wF.resolve(Z,H);if(qG.existsSync(E))return E;if(B.inc...
L22: `,this._outputConfiguration.writeErr),typeof this._showHelpAfterError==="string")this._outputConfiguration.writeErr(`${this._showHelpAfterError}
...
L24: `),this.outputHelp({error:!0});let $=F||{},B=$.exitCode||1,U=$.code||"commander.error";this._exit(B,U,D)}_parseOptionsEnv(){this.options.forEach((D)=>{if(D.envVar&&D.envVar in b0.e...
L25: `),this._exit(0,"commander.version",D)}),this}description(D,F){if(D===void 0&&F===void 0)return this._description;if(this._description=D,F)this._argsDescription=F;return this}summa...
L26: Expecting one of '${$.join("', '")}'`);let B=`${D}Help`;return this.on(B,(U)=>{let J;if(typeof F==="function")J=F({error:U.error,command:U.command});else J=F;if(J)U.write(`${J}
...
L34: `)}get width(){return this.toString().split(`
L35: `)[0].length}}qN.reset=()=>bF.reset();function KN(D,F,$){let B=[];D.forEach(function(J){B.push(J.draw(F))});let U=B.join
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.bundle.cjsView on unpkg · L20 290`))F.push(CJ+q.trim());F.push("")}return F.push(""),F.join(`
L291: `)}var m9=(D)=>{return m6(D.toLocaleUpperCase())},WG=(D)=>{let F=D.registeredArguments.map((J)=>J.required?wq(J.name()):_q(J.name())).filter((J)=>J!=="").join(" "),$=RJ([RJ([D.pare...
L292: `)}var k5=(D)=>(F,$,B,U)=>{let J=B?Object.assign(B,{async:!1}):{async:!1},X=F._zod.run({value:$,issues:[]},J);if(X instanceof Promise)throw new k1;if(X.issues.length){let Y=new(U?....
LowEval
Package source references a known benign dynamic code generation pattern.
dist/cli.bundle.cjsView on unpkg · L290