registry  /  @tinyaxis/voice-brief  /  0.1.6

@tinyaxis/voice-brief@0.1.6

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
DynamicRequireFilesystem
Supply chain
HighEntropyStringsMinifiedTrivial
Manifest
NoLicense
scanned 2 file(s), 368 KB of source

Source & flagged code

2 flagged · loading source
index.bin.jsView file
1#!/usr/bin/env node L2: process.argv[1] = require('node:path').resolve(__dirname, 'index.js'); L3: require('./index.js');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index.bin.jsView on unpkg · L1
index.jsView file
1function a0_0x289e(_0x6f2f35,_0x4a2b58){_0x6f2f35=_0x6f2f35-0xfb;const _0x587316=a0_0x5873();let _0x289e1b=_0x587316[_0x6f2f35];if(a0_0x289e['QIUHZG']===undefined){var _0x264d04=fu... L2: //# sourceMappingURL=index.js.map
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

index.jsView on unpkg · L1

Findings

1 High2 Medium3 Low
HighObfuscated Payload Loaderindex.js
MediumDynamic Requireindex.bin.js
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowNo License