13patternName = private_key_rsa
severity = critical
line = 13
matchedText = -----END...----
CriticalCritical Secret
Package contains a critical-looking secret pattern.
dist/__worker__.jsView on unpkg · L13 13patternName = private_key_rsa
severity = critical
line = 13
matchedText = -----END...----
10`,t=URL.createObjectURL(new Blob([e],{type:"application/javascript"})),n=new Worker(t);return URL.revokeObjectURL(t),n.onmessage=r=>{let{id:i,ok:s,module:o,error:a}=r.data,l=Cu.get...
L11: `);return{[Symbol.asyncIterator](){let w=0;return{next(){return w<p.length?Promise.resolve({value:p[w++],done:!1}):Promise.resolve({value:void 0,done:!0})}}}}}readv(m,f){let p=n.ge...
L12: ${btoa(String.fromCharCode(...i))}
1"use strict";(()=>{var wR=Object.create;var Pc=Object.defineProperty;var _R=Object.getOwnPropertyDescriptor;var vR=Object.getOwnPropertyNames;var xR=Object.getPrototypeOf,SR=Object...
L2: self.onmessage = function(e) {
...
L10: `,t=URL.createObjectURL(new Blob([e],{type:"application/javascript"})),n=new Worker(t);return URL.revokeObjectURL(t),n.onmessage=r=>{let{id:i,ok:s,module:o,error:a}=r.data,l=Cu.get...
L11: `);return{[Symbol.asyncIterator](){let w=0;return{next(){return w<p.length?Promise.resolve({value:p[w++],done:!1}):Promise.resolve({value:void 0,done:!0})}}}}}readv(m,f){let p=n.ge...
L12: ${btoa(String.fromCharCode(...i))}
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/__worker__.jsView on unpkg · L1 1"use strict";(()=>{var wR=Object.create;var Pc=Object.defineProperty;var _R=Object.getOwnPropertyDescriptor;var vR=Object.getOwnPropertyNames;var xR=Object.getPrototypeOf,SR=Object...
L2: self.onmessage = function(e) {
...
L9: };
L10: `,t=URL.createObjectURL(new Blob([e],{type:"application/javascript"})),n=new Worker(t);return URL.revokeObjectURL(t),n.onmessage=r=>{let{id:i,ok:s,module:o,error:a}=r.data,l=Cu.get...
L11: `);return{[Symbol.asyncIterator](){let w=0;return{next(){return w<p.length?Promise.resolve({value:p[w++],done:!1}):Promise.resolve({value:void 0,done:!0})}}}}}readv(m,f){let p=n.ge...
L12: ${btoa(String.fromCharCode(...i))}
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/__worker__.jsView on unpkg · L1 1"use strict";(()=>{var wR=Object.create;var Pc=Object.defineProperty;var _R=Object.getOwnPropertyDescriptor;var vR=Object.getOwnPropertyNames;var xR=Object.getPrototypeOf,SR=Object...
L2: self.onmessage = function(e) {
...
L9: };
L10: `,t=URL.createObjectURL(new Blob([e],{type:"application/javascript"})),n=new Worker(t);return URL.revokeObjectURL(t),n.onmessage=r=>{let{id:i,ok:s,module:o,error:a}=r.data,l=Cu.get...
L11: `);return{[Symbol.asyncIterator](){let w=0;return{next(){return w<p.length?Promise.resolve({value:p[w++],done:!1}):Promise.resolve({value:void 0,done:!0})}}}}}readv(m,f){let p=n.ge...
L12: ${btoa(String.fromCharCode(...i))}
...
L22: `),new Z("",VP,""),new Z("",be,"]"),new Z("",be," for "),new Z("",YP,""),new Z("",jP,""),new Z("",be," a "),new Z("",be," that "),new Z(" ",Rt,""),new Z("",be,". "),new Z(".",be,""...
L23: `),new Z("",be,":"),new Z(" ",be,". "),new Z("",be,"ed "),new Z("",t3,""),new Z("",e3,""),new Z("",GP,""),new Z("",be,"("),new Z("",Rt,", "),new Z("",QP,""),new Z("",be," at "),new...
L24: Upgrade: websocket\r
...
L2212: `)+1)),sb(f)&&(R=ib(R)),f.endsWith(".cjs"))try{let H=dr(R,{ecmaVersion:"latest",sourceType:"script",allowImportExportEverywhere:!
HighObfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/__worker__.jsView on unpkg · L1 20`;try{console.error(w)}catch{}try{let E=globalThis.process?.stderr;E&&typeof E.write=="function"&&E.write(w)}catch{}};try{if(i!=null){L_(l.headers,i);let h=typeof i=="string"?V.fro...
L21: `,Ov="/dev/null",Nv={signals:{SIGHUP:1,SIGINT:2,SIGQUIT:3,SIGILL:4,SIGTRAP:5,SIGABRT:6,SIGBUS:7,SIGFPE:8,SIGKILL:9,SIGUSR1:10,SIGSEGV:11,SIGUSR2:12,SIGPIPE:13,SIGALRM:14,SIGTERM:15...
L22: `),new Z("",VP,""),new Z("",be,"]"),new Z("",be," for "),new Z("",YP,""),new Z("",jP,""),new Z("",be," a "),new Z("",be," that "),new Z(" ",Rt,""),new Z("",be,". "),new Z(".",be,""...
LowEval
Package source references a known benign dynamic code generation pattern.
dist/__worker__.jsView on unpkg · L20