•matchType = previous_version_dangerous_delta
matchedPackage = meno-studio@0.1.1
matchedIdentity = npm:bWVuby1zdHVkaW8:0.1.1
similarity = 0.889
summary = stored previous version shares package body but lacks this dangerous source file
CriticalPrevious Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
studio-server.mjsView on unpkg 2import { createRequire } from 'module'; const require = createRequire(import.meta.url);
L3: var qoe=Object.create;var g2=Object.defineProperty;var Joe=Object.getOwnPropertyDescriptor;var Koe=Object.getOwnPropertyNames;var Yoe=Object.getPrototypeOf,Qoe=Object.prototype.has...
L4: `):String(s)})}}catch(n){let r=n;if(t.throw)throw n;let s=[];if(r.logs&&Array.isArray(r.logs))for(let o of r.logs){let i=[];o.position?.line&&i.push(`Line ${o.position.line}:${o.po...
...
L15:
L16: `)||"Unknown JavaScript error"}}var I2,oL=y(()=>{"use strict";I2=typeof globalThis.Bun<"u"});var qi=X((NMe,uL)=>{"use strict";var iL=["nodebuffer","arraybuffer","fragments"],aL=typ...
L17: `).join(`\r
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
studio-server.mjsView on unpkg · L2 2import { createRequire } from 'module'; const require = createRequire(import.meta.url);
L3: var qoe=Object.create;var g2=Object.defineProperty;var Joe=Object.getOwnPropertyDescriptor;var Koe=Object.getOwnPropertyNames;var Yoe=Object.getPrototypeOf,Qoe=Object.prototype.has...
L4: `):String(s)})}}catch(n){let r=n;if(t.throw)throw n;let s=[];if(r.logs&&Array.isArray(r.logs))for(let o of r.logs){let i=[];o.position?.line&&i.push(`Line ${o.position.line}:${o.po...
...
L15:
L16: `)||"Unknown JavaScript error"}}var I2,oL=y(()=>{"use strict";I2=typeof globalThis.Bun<"u"});var qi=X((NMe,uL)=>{"use strict";var iL=["nodebuffer","arraybuffer","fragments"],aL=typ...
L17: `).join(`\r
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
studio-server.mjsView on unpkg · L2 2import { createRequire } from 'module'; const require = createRequire(import.meta.url);
L3: var qoe=Object.create;var g2=Object.defineProperty;var Joe=Object.getOwnPropertyDescriptor;var Koe=Object.getOwnPropertyNames;var Yoe=Object.getPrototypeOf,Qoe=Object.prototype.has...
L4: `):String(s)})}}catch(n){let r=n;if(t.throw)throw n;let s=[];if(r.logs&&Array.isArray(r.logs))for(let o of r.logs){let i=[];o.position?.line&&i.push(`Line ${o.position.line}:${o.po...
...
L15:
L16: `)||"Unknown JavaScript error"}}var I2,oL=y(()=>{"use strict";I2=typeof globalThis.Bun<"u"});var qi=X((NMe,uL)=>{"use strict";var iL=["nodebuffer","arraybuffer","fragments"],aL=typ...
L17: `).join(`\r
...
L21: \r
L22: `+n)}function Fc(e,t,n,r,s,o){if(e.listenerCount("wsClientError")){let i=new Error(s);Error.captureStackTrace(i,Fc),e.emit("wsClientError",i,n,t)}else fg(n,r,s,o)}});var hF={};ds(h...
L23: font-family: '${s}';
...
L530: var errorText = ${p};
L531: navigator.clipboard.writeText(errorText).then(function() {
L532: var span = copyBtn.querySelector('span');
HighSandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
studio-server.mjsView on unpkg · L2 1507patternName = generic_password
severity = medium
line = 1507
matchedText = )`,enabl...sh(`
2import { createRequire } from 'module'; const require = createRequire(import.meta.url);
L3: var qoe=Object.create;var g2=Object.defineProperty;var Joe=Object.getOwnPropertyDescriptor;var Koe=Object.getOwnPropertyNames;var Yoe=Object.getPrototypeOf,Qoe=Object.prototype.has...
L4: `):String(s)})}}catch(n){let r=n;if(t.throw)throw n;let s=[];if(r.logs&&Array.isArray(r.logs))for(let o of r.logs){let i=[];o.position?.line&&i.push(`Line ${o.position.line}:${o.po...
...
L15:
L16: `)||"Unknown JavaScript error"}}var I2,oL=y(()=>{"use strict";I2=typeof globalThis.Bun<"u"});var qi=X((NMe,uL)=>{"use strict";var iL=["nodebuffer","arraybuffer","fragments"],aL=typ...
L17: `).join(`\r
...
L21: \r
L22: `+n)}function Fc(e,t,n,r,s,o){if(e.listenerCount("wsClientError")){let i=new Error(s);Error.captureStackTrace(i,Fc),e.emit("wsClientError",i,n,t)}else fg(n,r,s,o)}});var hF={};ds(h...
L23: font-family: '${s}';
...
L530: var errorText = ${p};
L531: navigator.clipboard.writeText(errorText).then(function() {
L532: var span = copyBtn.querySelector('span');
LowWeak Crypto
Package source references weak cryptographic algorithms.
studio-server.mjsView on unpkg · L2