registry  /  @socketsecurity/lib  /  6.0.10

@socketsecurity/lib@6.0.10

Core utilities and infrastructure for Socket.dev security tools

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 635 file(s), 6.38 MB of source, external domains: anaconda.org, api.adoptium.net, api.anthropic.com, api.fireworks.ai, api.github.com, api.npmjs.org, api.socket.dev, api.synthetic.new, beacon.claude-ai.staging.ant.dev, bioconductor.org, bitbucket.org, cdn.jsdelivr.net, chromewebstore.google.com, claude-staging.fedstart.com, claude.ai, claude.com, claude.fedstart.com, clojars.org, cocoapods.org, code.claude.com, codeload.github.com, conan.io, crates.io, deno.land, docs.anthropic.com, docs.expo.dev, docs.socket.dev, firewall-api.socket.dev, formulae.brew.sh, gist.githubusercontent.com, github.com, gitlab.com, hackage.haskell.org, hex.pm, hooks.example.com, hub.docker.com, huggingface.co, json-schema.org, json.schemastore.org, luarocks.org, marketplace.visualstudio.com, mcp-proxy.anthropic.com, metacpan.org, nodejs.org, npm.im, nuget.org, package.elm-lang.org, packagist.org, pkg.go.dev, platform.claude.com

Source & flagged code

8 flagged · loading source
dist/bin/prim.cjsView file
61node_crypto = __toESM(node_crypto, 1); L62: let child_process = require("child_process"); L63: let crypto = require("crypto");
High
Child Process

Package source references child process execution.

dist/bin/prim.cjsView on unpkg · L61
61node_crypto = __toESM(node_crypto, 1); L62: let child_process = require("child_process"); L63: let crypto = require("crypto"); ... L135: const starts = [0]; L136: for (let i = 0; i < src.length; i += 1) if (src.charCodeAt(i) === 10) starts.push(i + 1); L137: return starts; ... L427: mtime: X, L428: data: { ...$.data } L429: } : { ... L695: function f($, Q, J, Y, X) { L696: if (Y === "m") throw TypeError("Private method is not writable"); L697: if (Y === "a" && !X) throw TypeError("Private accessor was defined without a setter");
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/bin/prim.cjsView on unpkg · L61
61node_crypto = __toESM(node_crypto, 1); L62: let child_process = require("child_process"); L63: let crypto = require("crypto"); ... L994: return async () => { L995: jX($.baseURL); L996: let Q = await $.identityTokenProvider(); ... L6860: if (Y) X$(`Reading through symlink: ${$} -> ${J}`); L6861: let X = fs$1(J), W = Q.readFileSync(J, { encoding: X }), G = ys(W.slice(0, 4096)); L6862: return {
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/bin/prim.cjsView on unpkg · L61
61node_crypto = __toESM(node_crypto, 1); L62: let child_process = require("child_process"); L63: let crypto = require("crypto"); ... L135: const starts = [0]; L136: for (let i = 0; i < src.length; i += 1) if (src.charCodeAt(i) === 10) starts.push(i + 1); L137: return starts; ... L427: mtime: X, L428: data: { ...$.data } L429: } : { ... L695: function f($, Q, J, Y, X) { L696: if (Y === "m") throw TypeError("Private method is not writable"); L697: if (Y === "a" && !X) throw TypeError("Private accessor was defined without a setter");
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/bin/prim.cjsView on unpkg · L61
23890try { L23891: return new Function(""), !0; L23892: } catch ($) {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/bin/prim.cjsView on unpkg · L23890
dist/temporal/now.jsView file
3Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' }); L4: const require_runtime = require('../_virtual/_rolldown/runtime.js'); L5: const require_temporal_instant = require('./instant.js');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/temporal/now.jsView on unpkg · L3
dist/external/npm-pack.jsView file
79const hexify = (char) => { L80: const h = char.charCodeAt(0).toString(16).toUpperCase(); L81: return `0x${h.length % 2 ? "0" : ""}${h}`; ... L203: const hasInvalidScripts = () => Object.entries(newScripts).some(([key, value]) => typeof key !== "string" || typeof value !== "string"); L204: if (hasInvalidScripts()) throw Object.assign(/* @__PURE__ */ new TypeError("package.json scripts should be a key-value pair of strings."), { code: "ESCRIPTSINVALID" }); L205: return { ... L231: var require_debug$1 = /* @__PURE__ */ __commonJSMin(((exports, module) => { L232: const debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : (... L233: module.exports = debug; ... L789: printACPolyfillWarning = false; L790: emitWarning("AbortController is not defined. If using lru-cache in node 14, load an AbortController polyfill from the `node-abort-controller` package. A minimal polyfill is provide... L791: };
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/external/npm-pack.jsView on unpkg · L79
dist/bin/acorn.wasmView file
path = dist/bin/acorn.wasm kind = wasm_module sizeBytes = 3345482 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/bin/acorn.wasmView on unpkg

Findings

3 High6 Medium6 Low
HighChild Processdist/bin/prim.cjs
HighSandbox Evasion Gated Capabilitydist/bin/prim.cjs
HighRemote Agent Bridgedist/bin/prim.cjs
MediumDynamic Requiredist/temporal/now.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/bin/prim.cjs
MediumShips Wasm Moduledist/bin/acorn.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/bin/prim.cjs
LowWeak Cryptodist/external/npm-pack.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings