djsk@0.1.2

Jishaku for Discord.js — a debugging and diagnostics toolkit for your bot.

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: WildcardDependency
scanned 3 file(s), 114 KB of source, external domains: discord.com, registry.npmjs.org

Source & flagged code

2 flagged

dist/index.js

    L352: try {
    L353:   const mod = await import(name);
    L354:   const version = mod.version ?? mod.default?.version;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.js · L352

dist/cli.js

    L4:  import { consola } from 'consola';
    L5:  import { spawn } from 'child_process';
    L6:  import { mkdir, readdir, writeFile } from 'fs/promises';
    ...
    L11: try {
    L12:   const response = await fetch("https://discord.com/api/v10/oauth2/applications/@me", {
    L13:     headers: { Authorization: `Bot ${token}` }
    ...
    L15:   if (!response.ok) return null;
    L16:   const data = await response.json();
    L17:   return data.id ?? null;
    ...
    L51: var KNOWN = ["npm", "pnpm", "yarn", "bun"];
    L52: function detectPackageManager(env = process.env) {
    L53:   const userAgent = env.npm[redacted];
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.js · L4

Findings

1 High · 5 Medium · 4 Low

High · Sandbox Evasion Gated Capability · dist/cli.js
Medium · Dynamic Require · dist/index.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings