djsk@0.2.2

Jishaku for Discord.js — a debugging and diagnostics toolkit for your bot.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process · Dynamic Require · Environment Vars · Filesystem · Network · Shell
Supply chain
High Entropy Strings · Url Strings
Manifest
Wildcard Dependency
scanned 3 file(s), 128 KB of source, external domains: discord.com, registry.npmjs.org

Source & flagged code

3 flagged

dist/index.js

L393: try {
L394:   const mod = await import(name);
L395:   const version = mod.version ?? mod.default?.version;

Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.js · L393

dist/cli.js

L4: import { consola } from 'consola';
L5: import { spawn } from 'child_process';
L6: import { mkdir, readdir, writeFile } from 'fs/promises';
...
L12: try {
L13:   const response = await fetch("https://discord.com/api/v10/oauth2/applications/@me", {
L14:     headers: { Authorization: `Bot ${token}` }
...
L16:   if (!response.ok) return null;
L17:   const data = await response.json();
L18:   return data.id ?? null;
...
L52: var KNOWN = ["npm", "pnpm", "yarn", "bun"];
L53: function detectPackageManager(env = process.env) {
L54:   const userAgent = env.npm[redacted];

High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.js · L4

matchType = previous_version_dangerous_delta
matchedPackage = djsk@0.2.1
matchedIdentity = npm:ZGpzaw:0.2.1
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file

High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli.js

Findings

2 High · 5 Medium · 4 Low

High · Sandbox Evasion Gated Capability · dist/cli.js
High · Previous Version Dangerous Delta · dist/cli.js
Medium · Dynamic Require · dist/index.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings