nekostream@2026.1.4

Better version of NekoStream

Static Scan Results

scanned 23h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
Supply chain: HighEntropyStrings, UrlStrings
Manifest: NoLicense
scanned 25 file(s), 368 KB of source, external domains: anime47.best, animehay.ink, animehay01.site, animevietsub.site, api.jikan.moe, cdnjs.cloudflare.com, discord.gg, graphql.anilist.co, media.anilist.co, registry.npmjs.org, s4.anilist.co, www.npmjs.com

Source & flagged code

4 flagged

package.json
scripts.postinstall = playwright install chromium
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = playwright install chromium
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json

dist/index.js
L40: const path_1 = __importDefault(require("path"));
L41: const child_process_1 = require("child_process");
L42: const prompts_wrapper_1 = __importDefault(require("./prompts-wrapper"));
High
Child Process

Package source references child process execution.

dist/index.js · L40

L583: try {
L584: (0, child_process_1.execSync)('npm i -g nekostream-cli@latest', { stdio: 'ignore' });
L585: spinner.succeed(chalk_1.default.green('Đã cập nhật thành công! Vui lòng chạy lại lệnh để sử dụng bản mới.'));
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.js · L583

Findings

3 High · 4 Medium · 6 Low

High · Install Time Lifecycle Scripts · package.json
High · Child Process · dist/index.js
High · Runtime Package Install · dist/index.js
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License