registry  /  efront  /  4.38.4

efront@4.38.4

一个开发环境,提供一种自由的前端开发模式,也可作为辅助工具使用。

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 755 file(s), 3.34 MB of source, external domains: acme-v02.api.letsencrypt.org, api.map.baidu.com, baidu.com, detail.1688.com, efront.cc, fanyi-api.baidu.com, gac-geo.googlecnapps.cn, generativelanguage.googleapis.com, ibaotu.com, item.jd.com, lyrics.kugou.com, m.kugou.com, m.kuwo.cn, maponline2.bdimg.com, mobilecdn.kugou.com, music.163.com, music.91q.com, sharefs.yun.kugou.com, tools.mobile.kugou.com, www.kugou.com, www.kuwo.cn, www.w3.org
Oversized source lightweight scan
public/efront.js3.44 MB file, sampled 256 KB
HighEntropyStringsMinified

Source & flagged code

8 flagged · loading source
data/keystore/cross-key.pemView file
1patternName = private_key_rsa severity = critical line = 1 matchedText = -----BEG...----
Critical
Critical Secret

Package contains a critical-looking secret pattern.

data/keystore/cross-key.pemView on unpkg · L1
1patternName = private_key_rsa severity = critical line = 1 matchedText = -----BEG...----
Critical
Secret Pattern

RSA private key in data/keystore/cross-key.pem

data/keystore/cross-key.pemView on unpkg · L1
apps/moue/lib/vue.min.jsView file
5*/ L6: !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).Vue=t()}(this,function(){"use str...
Low
Eval

Package source references a known benign dynamic code generation pattern.

apps/moue/lib/vue.min.jsView on unpkg · L5
apps/reptile/now.jsView file
1function main(url) { L2: var electron = require("electron"); L3: var { BrowserWindow } = electron.BrowserWindow ? electron : electron.remote;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

apps/reptile/now.jsView on unpkg · L1
data/packexe-setup.sfxView file
path = data/packexe-setup.sfx kind = native_binary sizeBytes = 805376 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

data/packexe-setup.sfxView on unpkg
coms/third-party/lzma.wasmView file
path = coms/third-party/lzma.wasm kind = wasm_module sizeBytes = 63289 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

coms/third-party/lzma.wasmView on unpkg
public/efront.jsView file
path = public/efront.js kind = oversized_source_file sizeBytes = 3603354 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

public/efront.jsView on unpkg
path = public/efront.js kind = oversized_cli_entrypoint sizeBytes = 3603354 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

public/efront.jsView on unpkg

Findings

2 Critical1 High7 Medium5 Low
CriticalCritical Secretdata/keystore/cross-key.pem
CriticalSecret Patterndata/keystore/cross-key.pem
HighOversized Source Filepublic/efront.js
MediumDynamic Requireapps/reptile/now.js
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarydata/packexe-setup.sfx
MediumShips Wasm Modulecoms/third-party/lzma.wasm
MediumOversized Cli Entrypointpublic/efront.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalapps/moue/lib/vue.min.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings