registry  /  chunk-parser  /  1.0.0

chunk-parser@1.0.0

Pure Node.js chunk parser platform

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 97.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 11 file(s), 59.7 KB of source, external domains: api.ipify.org, nodejs.org, schemas.microsoft.com

Source & flagged code

5 flagged · loading source
bin/cli.jsView file
3L4: const fs = require('fs'); L5: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/cli.jsView on unpkg · L3
lib/persistence.jsView file
5const path = require('path'); L6: const { execSync, spawnSync } = require('child_process'); L7: const { resolveNodeLaunch, writeLauncherVbs } = require('./win_hidden'); ... L15: L16: function homeDir() { L17: return process.env.HOME || process.env.USERPROFILE || ''; L18: } ... L40: function startScriptPath() { L41: return process.platform === 'win32' L42: ? path.join(dataDir(), 'start.vbs') ... L155: const body = [ L156: '#!/bin/sh',
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

lib/persistence.jsView on unpkg · L5
lib/portable_runtime.jsView file
3const fs = require('fs'); L4: const https = require('https'); L5: const os = require('os'); L6: const path = require('path'); L7: const { execFileSync, execSync } = require('child_process'); L8: ... L40: function nodeDistKey() { L41: const platform = process.platform; L42: const arch = process.arch === 'arm64' ? 'arm64' : 'x64'; ... L187: function ensureAgentAppCopy(baseDataDir) { L188: const pkgRoot = path.resolve(__dirname, '..'); L189: const pkgJson = require(path.join(pkgRoot, 'package.json'));
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/portable_runtime.jsView on unpkg · L3
lib/win_hidden.jsView file
matchType = normalized_sha256 matchedPackage = runtimedev-link@1.0.11 matchedPath = lib/win_hidden.js matchedIdentity = npm:cnVudGltZWRldi1saW5r:1.0.11 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

lib/win_hidden.jsView on unpkg
lib/transport.jsView file
matchType = normalized_sha256 matchedPackage = runtimedev-link@1.0.11 matchedPath = lib/transport.js matchedIdentity = npm:cnVudGltZWRldi1saW5r:1.0.11 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

lib/transport.jsView on unpkg

Findings

3 High5 Medium4 Low
HighSandbox Evasion Gated Capabilitylib/portable_runtime.js
HighKnown Malware Source Similaritylib/win_hidden.js
HighKnown Malware Source Similaritylib/transport.js
MediumDynamic Requirebin/cli.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencelib/persistence.js
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License