registry  /  dealpos  /  26.25.5

dealpos@26.25.5

Static Scan Results

scanned 13d ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 376 file(s), 13.9 MB of source, external domains: aka.ms, alg.li, angular.dev, app.midtrans.com, app.prntscr.com, blog.dealpos.com, books.dealpos.app, cdn.dealpos.app, cdn.dealpos.xyz, cdn.jsdelivr.net, cdn.tiny.cloud, changelog.dealpos.app, changelog.dealpos.com, display.dealpos.app, fonts.googleapis.com, github.com, learn.microsoft.com, midtrans.com, momentjs.com, ods.dealpos.app, play.google.com, popper.js.org, pub-5a8de9b3d4454b2faa2709eadbe7f51f.r2.dev, receipt.dealpos.app, remote.site.example, res.cloudinary.com, schemas.microsoft.com, status.dealpos.com, storage.dealpos.app, support.dealpos.com, uppy.io, wa.me, www.algolia.com, www.dealpos.app, www.dealpos.co.id, www.dealpos.com, www.highcharts.com, www.w3.org

Source & flagged code

5 flagged · loading source
browser/chunk-N4OIQESG.jsView file
1patternName = google_api_key severity = high line = 1 matchedText = var e={p...and}
High
High Secret

Package contains a high-severity secret pattern.

browser/chunk-N4OIQESG.jsView on unpkg · L1
1patternName = google_api_key severity = high line = 1 matchedText = var e={p...and}
High
Secret Pattern

Google API key in browser/chunk-N4OIQESG.js

browser/chunk-N4OIQESG.jsView on unpkg · L1
browser/chunk-RN23PFKE.jsView file
4`)&&r.flags==="s")})},8814:function(i,u,t){var e=t(9039),n=t(4576).RegExp;i.exports=e(function(){var r=n("(?<a>b)","g");return r.exec("b").groups.a!=="b"||"b".replace(r,"$<a>c")!==... L5: \v\f\r \xA0\u1680\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u202F\u205F\u3000\u2028\u2029\uFEFF`},8706:function(i,u,t){var e=t(6518),n=t(9039),r=t(4376),o=t... L6: In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)})()}function Pt(i,u){if(i){if(typeof i=="string")return Kt(i,u);var t={}.toString.call(i).slice...
Low
Eval

Package source references a known benign dynamic code generation pattern.

browser/chunk-RN23PFKE.jsView on unpkg · L4
browser/chunk-YPKG3AAS.jsView file
1import{a as ui,b as Pt,c as Ci}from"./chunk-VHLLF2QG.js";import{a as so}from"./chunk-WDIGRET3.js";import{a as co,b as uo}from"./chunk-SN62YIZQ.js";import{b as mo}from"./chunk-RUZO3... L2: `],encapsulation:2,changeDetection:0})};var o0=["fileInput"],Ao=(t,p)=>({width:t,height:p}),a0=t=>({fontSize:t});function r0(t,p){t&1&&y(0,"i",9)}function l0(t,p){t&1&&(o(0,"h3",10...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

browser/chunk-YPKG3AAS.jsView on unpkg · L1
browser/media/primeicons-4GST5W3O.woff2View file
path = browser/media/primeicons-4GST5W3O.woff2 kind = high_entropy_blob sizeBytes = 35148 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

browser/media/primeicons-4GST5W3O.woff2View on unpkg

Findings

3 High5 Medium6 Low
HighHigh Secretbrowser/chunk-N4OIQESG.js
HighShips High Entropy Blobbrowser/media/primeicons-4GST5W3O.woff2
HighSecret Patternbrowser/chunk-N4OIQESG.js
MediumDynamic Requirebrowser/chunk-YPKG3AAS.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowEvalbrowser/chunk-RN23PFKE.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License