registry  /  @zuplo/core  /  6.72.1

@zuplo/core@6.72.1

⚠ Under review

This module contains the type definitions for the Zuplo core module.

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 1 file(s), 536 KB of source, external domains: developer.mozilla.org, dotenvx.com, github.com, handlebarsjs.com, www.w3.org
Oversized source lightweight scan
customer.cli.minified.js4.80 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsObfuscatedHighEntropyStringsMinifiedUrlStringsdeveloper.mozilla.orghandlebarsjs.comwww.w3.org
index.minified.js4.81 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsHighEntropyStringsMinifiedUrlStringsdeveloper.mozilla.orgdotenvx.comgithub.comhandlebarsjs.comwww.w3.org

Source & flagged code

3 flagged · loading source
zeno.jsView file
24L25: var Ue=Object.defineProperty;var n=(t,e)=>Ue(t,"name",{value:e,configurable:!0});import{scheduler as Ge}from"node:timers/promises";Object.defineProperty(globalThis,"scheduler",{val... L26: `),nt=$.encode("*"),ot=$.encode("$");function oe(t){let e=[nt,$.encode(t.length.toString()),J];for(let r of t){let o=r instanceof Uint8Array?r:$.encode(r.toString());e.push(ot,$.en... L27: `);#n=new Set([..."[]{}:,/",...this.#t]);#e;#r;#s;constructor(e){this.#e=`${e}`,this.#r=this.#e.length,this.#s=this.#l()}parse(){let e=this.#o(),r=this.#i(e),{done:o,value:s}=this....
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

zeno.jsView on unpkg · L24
25var Ue=Object.defineProperty;var n=(t,e)=>Ue(t,"name",{value:e,configurable:!0});import{scheduler as Ge}from"node:timers/promises";Object.defineProperty(globalThis,"scheduler",{val... L26: `),nt=$.encode("*"),ot=$.encode("$");function oe(t){let e=[nt,$.encode(t.length.toString()),J];for(let r of t){let o=r instanceof Uint8Array?r:$.encode(r.toString());e.push(ot,$.en... L27: `);#n=new Set([..."[]{}:,/",...this.#t]);#e;#r;#s;constructor(e){this.#e=`${e}`,this.#r=this.#e.length,this.#s=this.#l()}parse(){let e=this.#o(),r=this.#i(e),{done:o,value:s}=this....
Medium
Dynamic Require

Package source references dynamic require/import behavior.

zeno.jsView on unpkg · L25
index.minified.jsView file
path = index.minified.js kind = oversized_source_file sizeBytes = 5040605 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

index.minified.jsView on unpkg

Findings

1 Critical1 High4 Medium5 Low
CriticalCredential Exfiltrationzeno.js
HighOversized Source Fileindex.minified.js
MediumDynamic Requirezeno.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License