registry  /  @magonxesp/osaka  /  1.0.9

@magonxesp/osaka@1.0.9

⚠ Under review

Escrapeador de links de descarga de animes

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 305 file(s), 6.78 MB of source, external domains: 4pda.to, ad.jp.ap.valuecommerce.com, adclick.g.doubleclick.net, affiliate.suruga-ya.jp, affportal.bhphoto.com, al.dmm.co.jp, al.dmm.com, al.fanza.co.jp, amzn.to, animeav1.com, api2.zoomit.ir, app.adjust.com, atmedia.link, azrom.net, cadenaser.com, candyai.gg, cdn.plyr.io, cdns.6hiidude.gold, checklink.mail.ru, click.email4customers.com, click.linksynergy.com, click.mail.ru, clicker.mail.ru, clicks.trx-hub.com, cna.st, colab.research.google.com, consent.youtube.com, cts.businesswire.com, datatracker.ietf.org, deeplink.musescore.com, disq.us, dq.h1g.jp, dragontea.ink, drivevideo.xyz, ensonhaber.me, fsx.i-run.fr, gate.sc, github.com, go.2038.pro, go.redirectingat.com, go.rmhfrtnd.com, go.skimresources.com, googleads.g.doubleclick.net, hamtamovie.nl, hb.afl.rakuten.co.jp, html-load.com, i.imgur.com, imgprime.com, invol.co, l.vrgl.ir

Source & flagged code

3 flagged · loading source
ubol-extension/rulesets/scripting/scriptlet/main/ublock-badware.jsView file
1531L1532: const $scriptletArgs$ = /* 21 */ ["DOMContentLoaded","fullscreenEnabled","tigervip2","atob","new Function(atob(","String.prototype.includes","0","undefined","condition","/^checkout... L1533:
Low
Eval

Package source references a known benign dynamic code generation pattern.

ubol-extension/rulesets/scripting/scriptlet/main/ublock-badware.jsView on unpkg · L1531
ubol-extension/rulesets/scripting/scriptlet/main/ublock-filters.jsView file
16You should have received a copy of the GNU General Public License L17: along with this program. If not, see {http://www.gnu.org/licenses/}. L18: ... L35: this.separatorChar = this.actualSeparatorChar = separatorChar; L36: this.separatorCode = this.actualSeparatorCode = separatorChar.charCodeAt(0); L37: this.mustQuote = mustQuote; ... L655: const [ , mime, content ] = L656: /^data:([^,]*),(.+)$/.exec(elem.src.trim()) || L657: [ '', '', '' ]; ... L1459: }; L1460: self.fetch = new Proxy(self.fetch, { L1461: apply: applyHandler
Critical
Global Object Hijack Exfiltration

Source reassigns a global/builtin to a Proxy that forwards intercepted runtime data to an external endpoint.

ubol-extension/rulesets/scripting/scriptlet/main/ublock-filters.jsView on unpkg · L16
ubol-extension/css/fonts/Inter/Inter-Regular.woff2View file
path = ubol-extension/css/fonts/Inter/Inter-Regular.woff2 kind = high_entropy_blob sizeBytes = 111268 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

ubol-extension/css/fonts/Inter/Inter-Regular.woff2View on unpkg

Findings

1 Critical1 High3 Medium7 Low
CriticalGlobal Object Hijack Exfiltrationubol-extension/rulesets/scripting/scriptlet/main/ublock-filters.js
HighShips High Entropy Blobubol-extension/css/fonts/Inter/Inter-Regular.woff2
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalubol-extension/rulesets/scripting/scriptlet/main/ublock-badware.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings