registry  /  @nimbus21.ai/the-link  /  3.15.11

@nimbus21.ai/the-link@3.15.11

the-link: Hub 360 Terminal Agent — runtime package for macOS

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 1 file(s), 1.00 MB of source, external domains: 127.0.0.1, github.com, metcoder.dev, opencollective.com, s.io

Source & flagged code

3 flagged · loading source
bin/the-link.jsView file
28`;else if(K){let B=z$(H,K);if(B)Z.headers=Z.headers.replace(rl,`baggage: ${B}\r L29: `)}}}function el(Z,J){let Q=fA0(Z),$=J.statusCode,Y=$$($);T1({category:"http",data:{status_code:$,...Q},type:"http",level:Y},{event:"response",request:Z,response:J})}function fA0(Z... L30: `).some((Q)=>Q.indexOf("(https.js:")!==-1||Q.indexOf("node:https:")!==-1)}createSocket(Z,J,Q){let $={...J,secureEndpoint:this.isSecureEndpoint(J)};Promise.resolve().then(()=>this.c...
High
Child Process

Package source references child process execution.

bin/the-link.jsView on unpkg · L28
16Error:`,Y)}}var CW,hv;var MW=q(()=>{G0();Z0();o7();CW={},hv={}});function bv(Z){m4("error",Z),u4("error",CC0)}function CC0(){NF=d.onerror,d.onerror=function(Z,J,Q,$,Y){if(l4("error... L17: `)}var Yx=q(()=>{hF()});function bF(Z,J,Q){let $,Y,X,W=Q?.maxWait?Math.max(Q.maxWait,J):0,K=Q?.setTimeoutImpl||setTimeout;function z(){return G(),$=Z(),$}function G(){Y!==void 0&&c... L18: Event: ${AZ(Z)}`),!0;if(aC0(Z))return P&&O.warn(`Event dropped due to not having an error message, error type or stacktrace. ... L24: Event: ${AZ(Z)}`),!0}return!1}function lC0(Z,J){if(!J?.length)return!1;return OW(Z).some((Q)=>kZ(Q,J))}function pC0(Z,J){if(!J?.length)return!1;let Q=Z.transaction;return Q?kZ(Q,J)... L25: ${Y.stack}`:"unknown"}}}}}var uM0=10,lM0="ZodErrors",sM0=(Z={})=>{let J=Z.limit??uM0;return{name:lM0,processEvent(Q,$){return aM0(J,Z.saveZodIssuesAsAttachment,Q,$)}}},v3;var lx=q(... L26: `;if(z&&!G.includes("traceparent:"))Z.headers+=`traceparent: ${z}\r ... L28: `;else if(K){let B=z$(H,K);if(B)Z.headers=Z.headers.replace(rl,`baggage: ${B}\r L29: `)}}}function el(Z,J){let Q=fA0(Z),$=J.statusCode,Y=$$($);T1({category:"http",data:{status_code:$,...Q},type:"http",level:Y},{event:"response",
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/the-link.jsView on unpkg · L16
16patternName = generic_password severity = medium line = 16 matchedText = Error:`,...in(`
Medium
Secret Pattern

Package contains a possible secret pattern.

bin/the-link.jsView on unpkg · L16

Findings

2 High4 Medium5 Low
HighChild Processbin/the-link.js
HighSame File Env Network Executionbin/the-link.js
MediumSecret Patternbin/the-link.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License