70return t === void 0 ? {
L71: BS_PRIVATE_NESTED_SOME_NONE: 0
L72: } : t !== null && t.BS_PRIVATE_NESTED_SOME_NONE !== void 0 ? {
...
L1855: }, t;
L1856: })(), MS = "-ms-", MOZ = "-moz-", WEBKIT = "-webkit-", COMMENT = "comm", RULESET = "rule", DECLARATION = "decl", IMPORT = "@import", KEYFRAMES = "@keyframes", LAYER = "@layer", abs...
L1857: function hash$1(t, n) {
...
L3213: let n = t.label, o = t.value, u = n !== void 0 ? n : "Copy", p = React.useState(() => !1), y = p[1], $ = p[0], S = (x) => {
L3214: x.stopPropagation(), x.preventDefault(), $$catch(navigator.clipboard.writeText(o).then(() => (y((E) => !0), setTimeout(() => y((E) => !1), 1500), Promise.resolve())), (E) => Promis...
L3215: }, _ = $ ? button$2 + " " + confirmed : button$2;
...
L4849: closeBtn: closeBtn$1,
L4850: body: body$3,
L4851: footer: footer$2
CriticalBrowser Credential Phishing
Source appears to collect browser login credentials for exfiltration.
dist/index-BaFjI-Rt.mjsView on unpkg · L70 70Trigger-reachable chain: manifest.module -> dist/index.mjs -> dist/index-BaFjI-Rt.mjs
L70: return t === void 0 ? {
L71: BS_PRIVATE_NESTED_SOME_NONE: 0
L72: } : t !== null && t.BS_PRIVATE_NESTED_SOME_NONE !== void 0 ? {
...
L1855: }, t;
L1856: })(), MS = "-ms-", MOZ = "-moz-", WEBKIT = "-webkit-", COMMENT = "comm", RULESET = "rule", DECLARATION = "decl", IMPORT = "@import", KEYFRAMES = "@keyframes", LAYER = "@layer", abs...
L1857: function hash$1(t, n) {
...
L3213: let n = t.label, o = t.value, u = n !== void 0 ? n : "Copy", p = React.useState(() => !1), y = p[1], $ = p[0], S = (x) => {
L3214: x.stopPropagation(), x.preventDefault(), $$catch(navigator.clipboard.writeText(o).then(() => (y((E) => !0), setTimeout(() => y((E) => !1), 1500), Promise.resolve())), (E) => Promis...
L3215: }, _ = $ ? button$2 + " " + confirmed : button$2;
...
L4849: closeBtn: closeBtn$1,
L4850: body: body$3,
L4851: footer: footer$2
CriticalTrigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index-BaFjI-Rt.mjsView on unpkg · L70 18440async loadEventStreamCapability() {
L18441: const { EventStreamSerde: o } = await import("./index-BBdKl-JC.mjs");
L18442: return new o({
MediumDynamic Require
Package source references dynamic require/import behavior.
dist/index-BaFjI-Rt.mjsView on unpkg · L18440 70return t === void 0 ? {
L71: BS_PRIVATE_NESTED_SOME_NONE: 0
L72: } : t !== null && t.BS_PRIVATE_NESTED_SOME_NONE !== void 0 ? {
...
L1855: }, t;
L1856: })(), MS = "-ms-", MOZ = "-moz-", WEBKIT = "-webkit-", COMMENT = "comm", RULESET = "rule", DECLARATION = "decl", IMPORT = "@import", KEYFRAMES = "@keyframes", LAYER = "@layer", abs...
L1857: function hash$1(t, n) {
...
L3213: let n = t.label, o = t.value, u = n !== void 0 ? n : "Copy", p = React.useState(() => !1), y = p[1], $ = p[0], S = (x) => {
L3214: x.stopPropagation(), x.preventDefault(), $$catch(navigator.clipboard.writeText(o).then(() => (y((E) => !0), setTimeout(() => y((E) => !1), 1500), Promise.resolve())), (E) => Promis...
L3215: }, _ = $ ? button$2 + " " + confirmed : button$2;
...
L4849: closeBtn: closeBtn$1,
L4850: body: body$3,
L4851: footer: footer$2
MediumUnsafe Vm Context
Package source executes code through a VM context API.
dist/index-BaFjI-Rt.mjsView on unpkg · L70 23676let o;
L23677: return t.getPublicPath.startsWith("function") ? o = new Function("return " + t.getPublicPath)()() : o = new Function(t.getPublicPath)(), `${o}${n}`;
L23678: } else return "publicPath" in t ? !isBrowserEnv() && !isReactNativeEnv() && "ssrPublicPath" in t ? `${t.ssrPublicPath}${n}` : `${t.publicPath}${n}` : (console.warn("Cannot get reso...
LowEval
Package source references a known benign dynamic code generation pattern.
dist/index-BaFjI-Rt.mjsView on unpkg · L23676