1import{createRequire as rU}from"node:module";var dU=Object.defineProperty;var lU=($)=>$;function pU($,Q){this[$]=lU.bind(null,Q)}var qQ=($,Q)=>{for(var Z in Q)dU($,Z,{get:Q[Z],enum...
L2: `,"utf8"),$f()}function DZ(){return z0().telemetryOptOut}function Jf($,Q={}){T1({...z0(),telemetryOptOut:$},Q)}function jf(){return z0().autoUpdateEnabled}function Xf($,Q={}){T1({....
L3: `)}function Qq($){if(!$||$.length===0)return[];let Q=[];for(let Z of $){let W=Zq(Z);if(W)Q.push(W)}return Q}function Zq($){let Q=$.trim();if(!Q)return;let Z=Q.match(/^data:([^;,]+)...
L4: `),J}finally{C5.delete($.lockDir),KM($)}}function R1($,Q,Z={}){let W=FM($,Z);return WH(W,$,Q)}async function P5($,Q,Z={}){let W=await AM($,Z);return WH(W,$,Q)}function UM($){let Q=...
L5: <html lang="en">
...
L44: </body>
L45: </html>`;function Uj($){let Q="";for(let Z=0;Z<$.length;Z+=1)Q+=String.fromCharCode($[Z]??0);return btoa(Q).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var wZ=rf();function CZ($,Q,Z){if(typeof $==="number"&&$>0)return $;if(Z){let W=process.env[Z];if(W){let J=Number(W);if(Number.isInteger(J)&&J>0)return J}}return Q}async functi...
CriticalCredential Exfiltration
Source appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L1 1Trigger-reachable chain: manifest.main -> dist/index.js
L1: import{createRequire as rU}from"node:module";var dU=Object.defineProperty;var lU=($)=>$;function pU($,Q){this[$]=lU.bind(null,Q)}var qQ=($,Q)=>{for(var Z in Q)dU($,Z,{get:Q[Z],enum...
L2: `,"utf8"),$f()}function DZ(){return z0().telemetryOptOut}function Jf($,Q={}){T1({...z0(),telemetryOptOut:$},Q)}function jf(){return z0().autoUpdateEnabled}function Xf($,Q={}){T1({....
L3: `)}function Qq($){if(!$||$.length===0)return[];let Q=[];for(let Z of $){let W=Zq(Z);if(W)Q.push(W)}return Q}function Zq($){let Q=$.trim();if(!Q)return;let Z=Q.match(/^data:([^;,]+)...
L4: `),J}finally{C5.delete($.lockDir),KM($)}}function R1($,Q,Z={}){let W=FM($,Z);return WH(W,$,Q)}async function P5($,Q,Z={}){let W=await AM($,Z);return WH(W,$,Q)}function UM($){let Q=...
L5: <html lang="en">
...
L44: </body>
L45: </html>`;function Uj($){let Q="";for(let Z=0;Z<$.length;Z+=1)Q+=String.fromCharCode($[Z]??0);return btoa(Q).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var wZ=rf();function CZ($,Q,Z){if(typeof $==="number"&&$>0)return $;if(Z){let W=process.env[Z];if(W){let J=Number(W);if(Number.isInteger(J)&&J>0)return J}}…
CriticalTrigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L1 44</body>
L45: </html>`;function Uj($){let Q="";for(let Z=0;Z<$.length;Z+=1)Q+=String.fromCharCode($[Z]??0);return btoa(Q).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var wZ=rf();function CZ($,Q,Z){if(typeof $==="number"&&$>0)return $;if(Z){let W=process.env[Z];if(W){let J=Number(W);if(Number.isInteger(J)&&J>0)return J}}return Q}async functi...
HighChild Process
Package source references child process execution.
dist/index.jsView on unpkg · L44 44</body>
L45: </html>`;function Uj($){let Q="";for(let Z=0;Z<$.length;Z+=1)Q+=String.fromCharCode($[Z]??0);return btoa(Q).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var wZ=rf();function CZ($,Q,Z){if(typeof $==="number"&&$>0)return $;if(Z){let W=process.env[Z];if(W){let J=Number(W);if(Number.isInteger(J)&&J>0)return J}}return Q}async functi...
44</body>
L45: </html>`;function Uj($){let Q="";for(let Z=0;Z<$.length;Z+=1)Q+=String.fromCharCode($[Z]??0);return btoa(Q).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var wZ=rf();function CZ($,Q,Z){if(typeof $==="number"&&$>0)return $;if(Z){let W=process.env[Z];if(W){let J=Number(W);if(Number.isInteger(J)&&J>0)return J}}return Q}async functi...
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L44 44</body>
L45: </html>`;function Uj($){let Q="";for(let Z=0;Z<$.length;Z+=1)Q+=String.fromCharCode($[Z]??0);return btoa(Q).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var wZ=rf();function CZ($,Q,Z){if(typeof $==="number"&&$>0)return $;if(Z){let W=process.env[Z];if(W){let J=Number(W);if(Number.isInteger(J)&&J>0)return J}}return Q}async functi...
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L44 3`)}function Qq($){if(!$||$.length===0)return[];let Q=[];for(let Z of $){let W=Zq(Z);if(W)Q.push(W)}return Q}function Zq($){let Q=$.trim();if(!Q)return;let Z=Q.match(/^data:([^;,]+)...
L4: `),J}finally{C5.delete($.lockDir),KM($)}}function R1($,Q,Z={}){let W=FM($,Z);return WH(W,$,Q)}async function P5($,Q,Z={}){let W=await AM($,Z);return WH(W,$,Q)}function UM($){let Q=...
L5: <html lang="en">
MediumDynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L3 1import{createRequire as rU}from"node:module";var dU=Object.defineProperty;var lU=($)=>$;function pU($,Q){this[$]=lU.bind(null,Q)}var qQ=($,Q)=>{for(var Z in Q)dU($,Z,{get:Q[Z],enum...
L2: `,"utf8"),$f()}function DZ(){return z0().telemetryOptOut}function Jf($,Q={}){T1({...z0(),telemetryOptOut:$},Q)}function jf(){return z0().autoUpdateEnabled}function Xf($,Q={}){T1({....
L3: `)}function Qq($){if(!$||$.length===0)return[];let Q=[];for(let Z of $){let W=Zq(Z);if(W)Q.push(W)}return Q}function Zq($){let Q=$.trim();if(!Q)return;let Z=Q.match(/^data:([^;,]+)...
L4: `),J}finally{C5.delete($.lockDir),KM($)}}function R1($,Q,Z={}){let W=FM($,Z);return WH(W,$,Q)}async function P5($,Q,Z={}){let W=await AM($,Z);return WH(W,$,Q)}function UM($){let Q=...
L5: <html lang="en">
...
L44: </body>
L45: </html>`;function Uj($){let Q="";for(let Z=0;Z<$.length;Z+=1)Q+=String.fromCharCode($[Z]??0);return btoa(Q).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")}async function ...
L46: `)}}var wZ=rf();function CZ($,Q,Z){if(typeof $==="number"&&$>0)return $;if(Z){let W=process.env[Z];if(W){let J=Number(W);if(Number.isInteger(J)&&J>0)return J}}return Q}async functi...
LowWeak Crypto
Package source references weak cryptographic algorithms.
dist/index.jsView on unpkg · L1