registry  /  @starvale-sdk/sts  /  1.1.10

@starvale-sdk/sts@1.1.10

STS CLI - A sleek, fast, and modern custom wrapper for npm

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedTrivialUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 40.9 KB of source, external domains: studio.althar.dev

Source & flagged code

5 flagged · loading source
bin/sts.jsView file
2L3: const a0_0xddaefd=a0_0x323a;function a0_0x323a(_0xb56433,_0xd6eff3){_0xb56433=_0xb56433-0x1e9;const _0x2f19dc=a0_0x83f8();let _0xea0bd2=_0x2f19dc[_0xb56433];if(a0_0x323a['zWkMqu']=...
High
Child Process

Package source references child process execution.

bin/sts.jsView on unpkg · L2
2L3: const a0_0xddaefd=a0_0x323a;function a0_0x323a(_0xb56433,_0xd6eff3){_0xb56433=_0xb56433-0x1e9;const _0x2f19dc=a0_0x83f8();let _0xea0bd2=_0x2f19dc[_0xb56433];if(a0_0x323a['zWkMqu']=...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/sts.jsView on unpkg · L2
2L3: const a0_0xddaefd=a0_0x323a;function a0_0x323a(_0xb56433,_0xd6eff3){_0xb56433=_0xb56433-0x1e9;const _0x2f19dc=a0_0x83f8();let _0xea0bd2=_0x2f19dc[_0xb56433];if(a0_0x323a['zWkMqu']=...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/sts.jsView on unpkg · L2
2L3: const a0_0xddaefd=a0_0x323a;function a0_0x323a(_0xb56433,_0xd6eff3){_0xb56433=_0xb56433-0x1e9;const _0x2f19dc=a0_0x83f8();let _0xea0bd2=_0x2f19dc[_0xb56433];if(a0_0x323a['zWkMqu']=...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

bin/sts.jsView on unpkg · L2
2L3: const a0_0xddaefd=a0_0x323a;function a0_0x323a(_0xb56433,_0xd6eff3){_0xb56433=_0xb56433-0x1e9;const _0x2f19dc=a0_0x83f8();let _0xea0bd2=_0x2f19dc[_0xb56433];if(a0_0x323a['zWkMqu']=...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/sts.jsView on unpkg · L2

Findings

5 High4 Medium4 Low
HighChild Processbin/sts.js
HighSame File Env Network Executionbin/sts.js
HighCommand Output Exfiltrationbin/sts.js
HighObfuscated Payload Loaderbin/sts.js
HighObfuscated
MediumDynamic Requirebin/sts.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings