muaddib-scanner 2.6.0 → 2.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,2799 +0,0 @@
1
-
2
- MUAD'DIB Evaluation (v2.5.17)
3
-
4
- [1/4] Ground Truth...
5
- [2/4] Benign npm packages (real source code)...
6
- [2b/4] Benign PyPI packages...
7
- [3/4] Adversarial samples...
8
-
9
- Ground Truth (TPR): 46/49 93.9%
10
- Benign npm (FPR): 121/529 22.9% (3 skipped)
11
- Benign PyPI (FPR): 0/0 0.0% (132 skipped)
12
- Adversarial (ADR): 73/120 60.8%
13
-
14
- Adversarial misses:
15
- ci-trigger-exfil: score 0 < threshold 35
16
- delayed-exfil: score 0 < threshold 30
17
- docker-aware: score 0 < threshold 35
18
- staged-fetch: score 0 < threshold 35
19
- dns-chunk-exfil: score 0 < threshold 35
20
- string-concat-obfuscation: score 0 < threshold 30
21
- postinstall-download: score 0 < threshold 30
22
- dynamic-require: score 0 < threshold 40
23
- iife-exfil: score 0 < threshold 40
24
- conditional-chain: score 0 < threshold 30
25
- template-literal-obfuscation: score 0 < threshold 30
26
- proxy-env-intercept: score 0 < threshold 40
27
- nested-payload: score 0 < threshold 30
28
- dynamic-import: score 0 < threshold 30
29
- websocket-exfil: score 0 < threshold 30
30
- bun-runtime-evasion: score 0 < threshold 25
31
- preinstall-exec: score 0 < threshold 35
32
- remote-dynamic-dependency: score 0 < threshold 35
33
- github-exfil: score 0 < threshold 30
34
- detached-background: score 0 < threshold 35
35
- ai-agent-weaponization: score 0 < threshold 35
36
- ai-config-injection: score 0 < threshold 30
37
- rdd-zero-deps: score 0 < threshold 35
38
- discord-webhook-exfil: score 0 < threshold 30
39
- preinstall-background-fork: score 0 < threshold 35
40
- silent-error-swallow: score 0 < threshold 25
41
- double-base64-exfil: score 0 < threshold 30
42
- crypto-wallet-harvest: score 0 < threshold 25
43
- self-hosted-runner-backdoor: score 0 < threshold 20
44
- dead-mans-switch: score 0 < threshold 30
45
- fake-captcha-fingerprint: score 0 < threshold 20
46
- pyinstaller-dropper: score 0 < threshold 35
47
- gh-cli-token-steal: score 0 < threshold 30
48
- triple-base64-github-push: score 0 < threshold 30
49
- browser-api-hook: score 0 < threshold 20
50
- indirect-eval-bypass: score 0 < threshold 10
51
- muaddib-ignore-bypass: score 0 < threshold 25
52
- mjs-extension-bypass: score 0 < threshold 100
53
- git-hook-persistence: score 0 < threshold 10
54
- native-addon-camouflage: score 0 < threshold 25
55
- stego-png-payload: score 0 < threshold 35
56
- stegabin-vscode-persistence: score 0 < threshold 30
57
- mcp-server-injection: score 0 < threshold 25
58
- getter-defineProperty-exfil: score 10 < threshold 20
59
- setTimeout-eval-chain: score 0 < threshold 20
60
- setter-trap-exfil: score 0 < threshold 20
61
- require-cache-poison: score 10 < threshold 20
62
-
63
- False positives:
64
- fastify: score 68
65
- [LOW] curl_exfiltration: Pattern malveillant "curl_exfiltration" detecte. (integration\test.sh)
66
- [HIGH] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (lib\plugin-utils.js)
67
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.networkInterfaces) + network send (dns.lookup) (lib\server.js)
68
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\server.js)
69
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\server.js → test/404s.test.js) (test/404s.test.js)
70
- hapi: score 75
71
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.hostname, os.hostname) + network send (get) (lib\core.js)
72
- [HIGH] typosquat_detected: Package "call" resembles "chalk" (missing_char). Age: 5078d, Downloads: 72876/week, Author packages: 11, No README: true, No repo: false. Confidence: MEDIUM (package.json)
73
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\core.js)
74
- next: score 51
75
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\build\adapter\build-complete.js)
76
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\build\babel\loader\get-config.js)
77
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\build\index.js)
78
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\build\jest\jest.js)
79
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\build\load-jsconfig.js)
80
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (dist\build\next-config-ts\require-hook.js)
81
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (dist\build\next-config-ts\require-hook.js)
82
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\build\next-config-ts\transpile-config.js)
83
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\build\next-config-ts\transpile-config.js)
84
- [LOW] dangerous_call_function: Indirect Function via alias "Aa" — eval wrapper evasion. (dist\build\polyfills\polyfill-nomodule.js)
85
- [LOW] prototype_hook: self.fetch overridden — native API hooking for traffic interception. (dist\build\polyfills\polyfill-nomodule.js)
86
- [LOW] prototype_hook: self.Request overridden — native API hooking for traffic interception. (dist\build\polyfills\polyfill-nomodule.js)
87
- [LOW] prototype_hook: self.Response overridden — native API hooking for traffic interception. (dist\build\polyfills\polyfill-nomodule.js)
88
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\build\polyfills\polyfill-nomodule.js)
89
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\build\swc\index.js)
90
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\build\swc\index.js)
91
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\build\swc\index.js)
92
- [LOW] env_proxy_intercept: new Proxy(process.env) detected — intercepts all environment variable access. (dist\build\turborepo-access-trace\env.js)
93
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\build\webpack\config\blocks\css\plugins.js)
94
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\build\webpack\loaders\next-font-loader\index.js)
95
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\build\webpack-config.js)
96
- [LOW] dangerous_call_function: Indirect Function via alias "Aa" — eval wrapper evasion. (dist\bundle-analyzer\_next\static\chunks\a6dad97d9634a72d.js)
97
- [LOW] prototype_hook: self.fetch overridden — native API hooking for traffic interception. (dist\bundle-analyzer\_next\static\chunks\a6dad97d9634a72d.js)
98
- [LOW] prototype_hook: self.Request overridden — native API hooking for traffic interception. (dist\bundle-analyzer\_next\static\chunks\a6dad97d9634a72d.js)
99
- [LOW] prototype_hook: self.Response overridden — native API hooking for traffic interception. (dist\bundle-analyzer\_next\static\chunks\a6dad97d9634a72d.js)
100
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\bundle-analyzer\_next\static\chunks\a6dad97d9634a72d.js)
101
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\bundle-analyzer\_next\static\chunks\turbopack-0fce6f84e5c8c72d.js)
102
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\bundle-analyzer\_next\static\chunks\turbopack-0fce6f84e5c8c72d.js)
103
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\cli\next-info.js)
104
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\cli\next-info.js)
105
- [LOW] env_access: Access to sensitive variable process.env.__NEXT_EXPERIMENTAL_AUTH_INTERRUPTS. (dist\client\components\forbidden.js)
106
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\client\components\router-reducer\fetch-server-response.js)
107
- [LOW] env_access: Access to sensitive variable process.env.__NEXT_EXPERIMENTAL_AUTH_INTERRUPTS. (dist\client\components\unauthorized.js)
108
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\client\page-loader.js)
109
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\client\route-loader.js)
110
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\compiled\@edge-runtime\primitives\fetch.js)
111
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\@edge-runtime\primitives\fetch.js)
112
- [LOW] stream_credential_intercept: Stream class (Transform/Duplex/Writable) with credential regex scanning + network call — data-in-transit credential wiretap. (dist\compiled\@edge-runtime\primitives\fetch.js)
113
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\@edge-runtime\primitives\fetch.js)
114
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\compiled\@edge-runtime\primitives\load.js)
115
- [LOW] zlib_inflate_eval: Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern. (dist\compiled\@edge-runtime\primitives\load.js)
116
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\compiled\@edge-runtime\primitives\load.js)
117
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\compiled\@edge-runtime\primitives\load.js)
118
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\@edge-runtime\primitives\load.js)
119
- [LOW] stream_credential_intercept: Stream class (Transform/Duplex/Writable) with credential regex scanning + network call — data-in-transit credential wiretap. (dist\compiled\@edge-runtime\primitives\load.js)
120
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\@edge-runtime\primitives\load.js)
121
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\compiled\@modelcontextprotocol\sdk\server\mcp.js)
122
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\compiled\@mswjs\interceptors\ClientRequest\index.js)
123
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\compiled\@next\font\dist\google\fetch-css-from-google-fonts.js)
124
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\compiled\@next\font\dist\google\get-proxy-agent.js)
125
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (dist\compiled\@vercel\nft\index.js)
126
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\compiled\@vercel\nft\index.js)
127
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\compiled\@vercel\nft\index.js)
128
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\compiled\@vercel\nft\index.js)
129
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "s" (plugin loader pattern). (dist\compiled\@vercel\nft\index.js)
130
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require.resolve(basePath)" (dist\compiled\@vercel\nft\index.js)
131
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require.resolve(resolvedPath)" (dist\compiled\@vercel\nft\index.js)
132
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\compiled\@vercel\nft\index.js)
133
- [LOW] dynamic_require: Object property indirection: exports = require('child_process') — hiding dangerous module in object property. (dist\compiled\@vercel\nft\index.js)
134
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\@vercel\nft\index.js)
135
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\compiled\@vercel\nft\index.js)
136
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\@vercel\nft\index.js)
137
- [LOW] env_access: Access to sensitive variable process.env.FIGMA_PERSONAL_ACCESS_TOKEN. (dist\compiled\@vercel\og\index.edge.js)
138
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\compiled\@vercel\og\index.edge.js)
139
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\@vercel\og\index.edge.js)
140
- [LOW] env_access: Access to sensitive variable process.env.FIGMA_PERSONAL_ACCESS_TOKEN. (dist\compiled\@vercel\og\index.node.js)
141
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\compiled\@vercel\og\index.node.js)
142
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\@vercel\og\index.node.js)
143
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\compiled\assert\assert.js)
144
- [LOW] dangerous_call_function: Indirect Function via alias "m" — eval wrapper evasion. (dist\compiled\assert\assert.js)
145
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\babel\bundle.js)
146
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (dist\compiled\babel\bundle.js)
147
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (dist\compiled\babel\bundle.js)
148
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\babel\bundle.js)
149
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "t" (plugin loader pattern). (dist\compiled\babel-packages\packages-bundle.js)
150
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\compiled\babel-packages\packages-bundle.js)
151
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\compiled\babel-packages\packages-bundle.js)
152
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\babel-packages\packages-bundle.js)
153
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\babel-packages\packages-bundle.js)
154
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\compiled\browserslist\index.js)
155
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\compiled\browserslist\index.js)
156
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (dist\compiled\browserslist\index.js)
157
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\browserslist\index.js)
158
- [LOW] dynamic_require: Object property indirection: exports = require('child_process') — hiding dangerous module in object property. (dist\compiled\commander\index.js)
159
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\commander\index.js)
160
- [LOW] vm_code_execution: new vm.Script() with dynamic code — vm module code compilation bypasses eval detection. (dist\compiled\comment-json\index.js)
161
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\compiled\conf\index.js)
162
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\compiled\conf\index.js)
163
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\conf\index.js)
164
- [LOW] crypto_decipher: createDecipher() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\conf\index.js)
165
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\conf\index.js)
166
- [LOW] dynamic_require: Object property indirection: exports = require('child_process') — hiding dangerous module in object property. (dist\compiled\cross-spawn\index.js)
167
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\cross-spawn\index.js)
168
- [LOW] vm_code_execution: vm.runInThisContext() — dynamic code execution via Node.js vm module bypasses eval detection. (dist\compiled\crypto-browserify\index.js)
169
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\crypto-browserify\index.js)
170
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\compiled\debug\index.js)
171
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\compiled\edge-runtime\index.js)
172
- [LOW] dynamic_require: Object property indirection: exports = require('net') — hiding dangerous module in object property. (dist\compiled\edge-runtime\index.js)
173
- [LOW] zlib_inflate_eval: Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern. (dist\compiled\edge-runtime\index.js)
174
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\compiled\edge-runtime\index.js)
175
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\compiled\edge-runtime\index.js)
176
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\edge-runtime\index.js)
177
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\edge-runtime\index.js)
178
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\find-up\index.js)
179
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\glob\glob.js)
180
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\gzip-size\index.js)
181
- [LOW] dynamic_require: Object property indirection: exports = require('net') — hiding dangerous module in object property. (dist\compiled\http-proxy-agent\index.js)
182
- [LOW] dynamic_require: Object property indirection: exports = require('net') — hiding dangerous module in object property. (dist\compiled\https-proxy-agent\index.js)
183
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\image-detector\detector.js)
184
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\image-size\index.js)
185
- [LOW] sandbox_evasion: Sandbox/container detection via statSync("/.dockerenv") — anti-analysis technique. (dist\compiled\is-docker\index.js)
186
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\is-docker\index.js)
187
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\is-wsl\index.js)
188
- [LOW] dynamic_require: Object property indirection: exports = require('child_process') — hiding dangerous module in object property. (dist\compiled\jest-worker\index.js)
189
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "e" (plugin loader pattern). (dist\compiled\jest-worker\index.js)
190
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\compiled\jest-worker\processChild.js)
191
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\compiled\jest-worker\threadChild.js)
192
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\compiled\loader-runner\LoaderRunner.js)
193
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\compiled\loader-runner\LoaderRunner.js)
194
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\loader-runner\LoaderRunner.js)
195
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (dist\compiled\mini-css-extract-plugin\index.js)
196
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (dist\compiled\mini-css-extract-plugin\index.js)
197
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (dist\compiled\mini-css-extract-plugin\loader.js)
198
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (dist\compiled\mini-css-extract-plugin\loader.js)
199
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-devtools\index.js)
200
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
201
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
202
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
203
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
204
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
205
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
206
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
207
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
208
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
209
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "u" (plugin loader pattern). (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
210
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
211
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
212
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
213
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
214
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
215
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
216
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
217
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
218
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
219
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
220
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
221
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-page-turbo-experimental.runtime.prod.js)
222
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "u" (plugin loader pattern). (dist\compiled\next-server\app-page-turbo-experimental.runtime.prod.js)
223
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-page-turbo-experimental.runtime.prod.js)
224
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-page-turbo-experimental.runtime.prod.js)
225
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-page-turbo-experimental.runtime.prod.js)
226
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
227
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
228
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
229
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
230
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
231
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
232
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
233
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
234
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-page-turbo.runtime.prod.js)
235
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "u" (plugin loader pattern). (dist\compiled\next-server\app-page-turbo.runtime.prod.js)
236
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-page-turbo.runtime.prod.js)
237
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-page-turbo.runtime.prod.js)
238
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-page-turbo.runtime.prod.js)
239
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\compiled\next-server\app-page.runtime.dev.js)
240
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-page.runtime.dev.js)
241
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (dist\compiled\next-server\app-page.runtime.dev.js)
242
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\compiled\next-server\app-page.runtime.dev.js)
243
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-page.runtime.dev.js)
244
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\compiled\next-server\app-page.runtime.dev.js)
245
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-page.runtime.dev.js)
246
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-page.runtime.dev.js)
247
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-page.runtime.prod.js)
248
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "u" (plugin loader pattern). (dist\compiled\next-server\app-page.runtime.prod.js)
249
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-page.runtime.prod.js)
250
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-page.runtime.prod.js)
251
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-page.runtime.prod.js)
252
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-route-experimental.runtime.dev.js)
253
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-route-experimental.runtime.dev.js)
254
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\compiled\next-server\app-route-experimental.runtime.dev.js)
255
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-route-experimental.runtime.dev.js)
256
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-route-experimental.runtime.dev.js)
257
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-route-experimental.runtime.prod.js)
258
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-route-experimental.runtime.prod.js)
259
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\compiled\next-server\app-route-experimental.runtime.prod.js)
260
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-route-experimental.runtime.prod.js)
261
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-route-experimental.runtime.prod.js)
262
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-route-turbo-experimental.runtime.dev.js)
263
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-route-turbo-experimental.runtime.dev.js)
264
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\compiled\next-server\app-route-turbo-experimental.runtime.dev.js)
265
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-route-turbo-experimental.runtime.dev.js)
266
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-route-turbo-experimental.runtime.dev.js)
267
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-route-turbo-experimental.runtime.prod.js)
268
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-route-turbo-experimental.runtime.prod.js)
269
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\compiled\next-server\app-route-turbo-experimental.runtime.prod.js)
270
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-route-turbo-experimental.runtime.prod.js)
271
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-route-turbo-experimental.runtime.prod.js)
272
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-route-turbo.runtime.dev.js)
273
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-route-turbo.runtime.dev.js)
274
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\compiled\next-server\app-route-turbo.runtime.dev.js)
275
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-route-turbo.runtime.dev.js)
276
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-route-turbo.runtime.dev.js)
277
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-route-turbo.runtime.prod.js)
278
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-route-turbo.runtime.prod.js)
279
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\compiled\next-server\app-route-turbo.runtime.prod.js)
280
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-route-turbo.runtime.prod.js)
281
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-route-turbo.runtime.prod.js)
282
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-route.runtime.dev.js)
283
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-route.runtime.dev.js)
284
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\compiled\next-server\app-route.runtime.dev.js)
285
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-route.runtime.dev.js)
286
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-route.runtime.dev.js)
287
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\app-route.runtime.prod.js)
288
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\app-route.runtime.prod.js)
289
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\compiled\next-server\app-route.runtime.prod.js)
290
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\app-route.runtime.prod.js)
291
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\app-route.runtime.prod.js)
292
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\pages-api-turbo.runtime.dev.js)
293
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\pages-api-turbo.runtime.dev.js)
294
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\pages-api-turbo.runtime.dev.js)
295
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\pages-api-turbo.runtime.dev.js)
296
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\pages-api-turbo.runtime.prod.js)
297
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\pages-api-turbo.runtime.prod.js)
298
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\pages-api-turbo.runtime.prod.js)
299
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\pages-api-turbo.runtime.prod.js)
300
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\pages-api.runtime.dev.js)
301
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\pages-api.runtime.dev.js)
302
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\pages-api.runtime.dev.js)
303
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\pages-api.runtime.dev.js)
304
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\pages-api.runtime.prod.js)
305
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\pages-api.runtime.prod.js)
306
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\pages-api.runtime.prod.js)
307
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\pages-api.runtime.prod.js)
308
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\pages-turbo.runtime.dev.js)
309
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\pages-turbo.runtime.dev.js)
310
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\pages-turbo.runtime.dev.js)
311
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\pages-turbo.runtime.dev.js)
312
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\pages-turbo.runtime.prod.js)
313
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\pages-turbo.runtime.prod.js)
314
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\pages-turbo.runtime.prod.js)
315
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\pages-turbo.runtime.prod.js)
316
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\pages.runtime.dev.js)
317
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\pages.runtime.dev.js)
318
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\pages.runtime.dev.js)
319
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\pages.runtime.dev.js)
320
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\pages.runtime.prod.js)
321
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\pages.runtime.prod.js)
322
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\pages.runtime.prod.js)
323
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\pages.runtime.prod.js)
324
- [LOW] env_access: Access to sensitive variable process.env.DOTENV_KEY. (dist\compiled\next-server\server.runtime.prod.js)
325
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\compiled\next-server\server.runtime.prod.js)
326
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\compiled\next-server\server.runtime.prod.js)
327
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\compiled\next-server\server.runtime.prod.js)
328
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\next-server\server.runtime.prod.js)
329
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "n" (plugin loader pattern). (dist\compiled\next-server\server.runtime.prod.js)
330
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "e" (plugin loader pattern). (dist\compiled\next-server\server.runtime.prod.js)
331
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\compiled\next-server\server.runtime.prod.js)
332
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\next-server\server.runtime.prod.js)
333
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\next-server\server.runtime.prod.js)
334
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\node-html-parser\index.js)
335
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "_" (plugin loader pattern). (dist\compiled\postcss-preset-env\index.cjs)
336
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\compiled\postcss-preset-env\index.cjs)
337
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\postcss-preset-env\index.cjs)
338
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\compiled\raw-body\index.js)
339
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom\cjs\react-dom-client.development.js)
340
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom\cjs\react-dom-profiling.development.js)
341
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom\cjs\react-dom-server-legacy.browser.development.js)
342
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom\cjs\react-dom-server-legacy.node.development.js)
343
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom\cjs\react-dom-server.browser.development.js)
344
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom\cjs\react-dom-server.edge.development.js)
345
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom\cjs\react-dom-server.node.development.js)
346
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom-experimental\cjs\react-dom-client.development.js)
347
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom-experimental\cjs\react-dom-profiling.development.js)
348
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom-experimental\cjs\react-dom-server-legacy.browser.development.js)
349
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom-experimental\cjs\react-dom-server-legacy.node.development.js)
350
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom-experimental\cjs\react-dom-server.browser.development.js)
351
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom-experimental\cjs\react-dom-server.edge.development.js)
352
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom-experimental\cjs\react-dom-server.node.development.js)
353
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\react-dom-experimental\cjs\react-dom-unstable_testing.development.js)
354
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\compiled\sass-loader\cjs.js)
355
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\compiled\sass-loader\cjs.js)
356
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\compiled\schema-utils2\index.js)
357
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\compiled\schema-utils3\index.js)
358
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\compiled\send\index.js)
359
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\send\index.js)
360
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\serve-handler\index.js)
361
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\compiled\setimmediate\setImmediate.js)
362
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\source-map08\source-map.js)
363
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\stream-http\index.js)
364
- [LOW] process_binding_abuse: process.binding('fs') — direct V8 binding access bypasses child_process/fs module detection. (dist\compiled\tar\index.js)
365
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\tar\index.js)
366
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\terser\bundle.min.js)
367
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\compiled\util\util.js)
368
- [LOW] dangerous_call_function: Indirect Function via alias "h" — eval wrapper evasion. (dist\compiled\util\util.js)
369
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\compiled\vm-browserify\index.js)
370
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\watchpack\watchpack.js)
371
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\compiled\webpack\bundle5.js)
372
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\compiled\webpack\bundle5.js)
373
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\compiled\webpack\bundle5.js)
374
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\compiled\webpack\bundle5.js)
375
- [LOW] vm_code_execution: vm.runInThisContext() — dynamic code execution via Node.js vm module bypasses eval detection. (dist\compiled\webpack\bundle5.js)
376
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "I" (plugin loader pattern). (dist\compiled\webpack\bundle5.js)
377
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\compiled\webpack\bundle5.js)
378
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\compiled\webpack\bundle5.js)
379
- [LOW] zlib_inflate_eval: Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern. (dist\compiled\webpack\bundle5.js)
380
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\compiled\webpack\bundle5.js)
381
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\compiled\webpack\bundle5.js)
382
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\compiled\webpack\bundle5.js)
383
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiled\webpack\bundle5.js)
384
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\compiled\webpack\bundle5.js)
385
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\compiled\webpack\HotModuleReplacement.runtime.js)
386
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\compiled\webpack\JavascriptHotModuleReplacement.runtime.js)
387
- [LOW] prototype_hook: WebSocket.prototype.addEventListener overridden — native API hooking for traffic interception. (dist\compiled\ws\index.js)
388
- [LOW] prototype_hook: WebSocket.prototype.removeEventListener overridden — native API hooking for traffic interception. (dist\compiled\ws\index.js)
389
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\compiled\ws\index.js)
390
- [LOW] dynamic_require: Object property indirection: exports = require('net') — hiding dangerous module in object property. (dist\compiled\ws\index.js)
391
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\build\adapter\build-complete.js)
392
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\build\babel\loader\get-config.js)
393
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\build\index.js)
394
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\build\load-jsconfig.js)
395
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (dist\esm\build\next-config-ts\require-hook.js)
396
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (dist\esm\build\next-config-ts\require-hook.js)
397
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\build\next-config-ts\transpile-config.js)
398
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\build\next-config-ts\transpile-config.js)
399
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\build\swc\index.js)
400
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\build\swc\index.js)
401
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\esm\build\swc\index.js)
402
- [LOW] env_proxy_intercept: new Proxy(process.env) detected — intercepts all environment variable access. (dist\esm\build\turborepo-access-trace\env.js)
403
- [LOW] prototype_hook: net.Socket.prototype.connect overridden — Node.js core module prototype hooking for traffic interception. (dist\esm\build\turborepo-access-trace\tcp.js)
404
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\build\webpack\config\blocks\css\plugins.js)
405
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\build\webpack\loaders\next-font-loader\index.js)
406
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\build\webpack-config.js)
407
- [LOW] env_access: Access to sensitive variable process.env.__NEXT_EXPERIMENTAL_AUTH_INTERRUPTS. (dist\esm\client\components\forbidden.js)
408
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\client\components\router-reducer\fetch-server-response.js)
409
- [LOW] env_access: Access to sensitive variable process.env.__NEXT_EXPERIMENTAL_AUTH_INTERRUPTS. (dist\esm\client\components\unauthorized.js)
410
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\client\page-loader.js)
411
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\client\route-loader.js)
412
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\export\helpers\create-incremental-cache.js)
413
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\export\index.js)
414
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\esm\lib\download-swc.js)
415
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\lib\find-config.js)
416
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\lib\find-config.js)
417
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\esm\lib\helpers\get-cache-directory.js)
418
- [LOW] download_exec_binary: Download-execute pattern: remote fetch + chmod executable + execSync in same file. Binary dropper camouflaged as native addon build. (dist\esm\lib\mkcert.js)
419
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\lib\mkcert.js)
420
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\esm\lib\static-env.js)
421
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\lib\verify-partytown-setup.js)
422
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\lib\verify-typescript-setup.js)
423
- [LOW] dangerous_call_exec: spawn('cmd.exe') — direct shell process spawn detected. (dist\esm\next-devtools\server\launch-editor.js)
424
- [LOW] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (dist\esm\next-devtools\server\launch-editor.js)
425
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\server\api-utils\node\api-resolver.js)
426
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\server\app-render\action-handler.js)
427
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\server\app-render\action-handler.js)
428
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\esm\server\base-server.js)
429
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\server\config.js)
430
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\server\config.js)
431
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\esm\server\config.js)
432
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\esm\server\crypto-utils.js)
433
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\server\dev\next-dev-server.js)
434
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\esm\server\dev\require-cache.js)
435
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\server\lib\dedupe-fetch.js)
436
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\server\lib\incremental-cache\index.js)
437
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\server\lib\module-loader\node-module-loader.js)
438
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\esm\server\lib\patch-fetch.js)
439
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\server\lib\patch-fetch.js)
440
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\server\lib\render-server.js)
441
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\esm\server\lib\router-server.js)
442
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\server\lib\router-utils\instrumentation-globals.external.js)
443
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\server\next-server.js)
444
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\esm\server\next-server.js)
445
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\server\next-server.js)
446
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\server\next.js)
447
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\server\og\image-response.js)
448
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\server\require.js)
449
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\esm\server\route-matcher-providers\helpers\manifest-loaders\node-manifest-loader.js)
450
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\esm\server\route-matcher-providers\helpers\manifest-loaders\node-manifest-loader.js)
451
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\esm\server\route-modules\route-module.js)
452
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\server\stream-utils\node-web-streams-helper.js)
453
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\server\typescript\rules\config.js)
454
- [LOW] env_access: Access to sensitive variable process.env.__NEXT_EXPERIMENTAL_AUTH_INTERRUPTS. (dist\esm\server\web\edge-route-module-wrapper.js)
455
- [LOW] env_access: Access to sensitive variable process.env.__NEXT_PREVIEW_MODE_SIGNING_KEY. (dist\esm\server\web\get-edge-preview-props.js)
456
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\esm\server\web\sandbox\context.js)
457
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\shared\lib\router\router.js)
458
- [LOW] prototype_hook: global.fetch overridden — native API hooking for traffic interception. (dist\experimental\testmode\fetch.js)
459
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\export\helpers\create-incremental-cache.js)
460
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\export\index.js)
461
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\lib\download-swc.js)
462
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\lib\find-config.js)
463
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\lib\find-config.js)
464
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\lib\helpers\get-cache-directory.js)
465
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\lib\mkcert.js)
466
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\lib\static-env.js)
467
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\lib\verify-partytown-setup.js)
468
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\lib\verify-typescript-setup.js)
469
- [LOW] dangerous_call_exec: spawn('cmd.exe') — direct shell process spawn detected. (dist\next-devtools\server\launch-editor.js)
470
- [MEDIUM] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (dist\next-devtools\server\launch-editor.js)
471
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\server\api-utils\node\api-resolver.js)
472
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\server\app-render\action-handler.js)
473
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\server\app-render\action-handler.js)
474
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\server\base-server.js)
475
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\server\config.js)
476
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\server\config.js)
477
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\server\config.js)
478
- [MEDIUM] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\server\crypto-utils.js)
479
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\server\dev\next-dev-server.js)
480
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\server\dev\require-cache.js)
481
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\server\lib\dedupe-fetch.js)
482
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\server\lib\incremental-cache\index.js)
483
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\server\lib\module-loader\node-module-loader.js)
484
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\server\lib\patch-fetch.js)
485
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\server\lib\patch-fetch.js)
486
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\server\lib\render-server.js)
487
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (dist\server\lib\router-server.js)
488
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\server\lib\router-utils\instrumentation-globals.external.js)
489
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\server\next-server.js)
490
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\server\next-server.js)
491
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\server\next-server.js)
492
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\server\next.js)
493
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\server\og\image-response.js)
494
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\server\require.js)
495
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\server\route-matcher-providers\helpers\manifest-loaders\node-manifest-loader.js)
496
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\server\route-matcher-providers\helpers\manifest-loaders\node-manifest-loader.js)
497
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\server\route-modules\route-module.js)
498
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\server\stream-utils\node-web-streams-helper.js)
499
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\server\typescript\rules\config.js)
500
- [LOW] env_access: Access to sensitive variable process.env.__NEXT_EXPERIMENTAL_AUTH_INTERRUPTS. (dist\server\web\edge-route-module-wrapper.js)
501
- [MEDIUM] env_access: Access to sensitive variable process.env.__NEXT_PREVIEW_MODE_SIGNING_KEY. (dist\server\web\get-edge-preview-props.js)
502
- [HIGH] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\server\web\sandbox\context.js)
503
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\shared\lib\router\router.js)
504
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\telemetry\events\plugins.js)
505
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\telemetry\events\swc-load-failure.js)
506
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\telemetry\events\swc-plugins.js)
507
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (dist\build\polyfills\polyfill-nomodule.js)
508
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (dist\bundle-analyzer\_next\static\chunks\89d663145a0f72b9.js)
509
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (dist\bundle-analyzer\_next\static\chunks\a6dad97d9634a72d.js)
510
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: long_single_lines, hex_escapes, unicode_escapes, base64_eval (dist\compiled\@modelcontextprotocol\sdk\server\mcp.js)
511
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (dist\compiled\@vercel\nft\index.js)
512
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: hex_escapes, unicode_escapes, string_array, base64_eval (dist\compiled\@vercel\og\index.edge.js)
513
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: hex_escapes, unicode_escapes, string_array, base64_eval (dist\compiled\@vercel\og\index.node.js)
514
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: unicode_escapes, base64_eval (dist\compiled\babel\bundle.js)
515
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, string_array (dist\compiled\debug\index.js)
516
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (dist\compiled\edge-runtime\index.js)
517
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (dist\compiled\json5\index.js)
518
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: long_single_lines, hex_escapes, unicode_escapes, base64_eval (dist\compiled\next-server\app-page-experimental.runtime.dev.js)
519
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
520
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: long_single_lines, hex_escapes, unicode_escapes, base64_eval (dist\compiled\next-server\app-page-turbo-experimental.runtime.dev.js)
521
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\next-server\app-page-turbo-experimental.runtime.prod.js)
522
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: long_single_lines, hex_escapes, unicode_escapes, base64_eval (dist\compiled\next-server\app-page-turbo.runtime.dev.js)
523
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\next-server\app-page-turbo.runtime.prod.js)
524
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: long_single_lines, hex_escapes, unicode_escapes, base64_eval (dist\compiled\next-server\app-page.runtime.dev.js)
525
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\next-server\app-page.runtime.prod.js)
526
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\app-route-experimental.runtime.dev.js)
527
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\app-route-experimental.runtime.prod.js)
528
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\app-route-turbo-experimental.runtime.dev.js)
529
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\app-route-turbo-experimental.runtime.prod.js)
530
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\app-route-turbo.runtime.dev.js)
531
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\app-route-turbo.runtime.prod.js)
532
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\app-route.runtime.dev.js)
533
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\app-route.runtime.prod.js)
534
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\next-server\pages-api-turbo.runtime.dev.js)
535
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\next-server\pages-api-turbo.runtime.prod.js)
536
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\next-server\pages-api.runtime.dev.js)
537
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\next-server\pages-api.runtime.prod.js)
538
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\pages-turbo.runtime.dev.js)
539
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\pages-turbo.runtime.prod.js)
540
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\pages.runtime.dev.js)
541
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\pages.runtime.prod.js)
542
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (dist\compiled\next-server\server.runtime.prod.js)
543
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\node-html-parser\index.js)
544
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\schema-utils2\index.js)
545
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (dist\compiled\schema-utils3\index.js)
546
- [LOW] obfuscation_detected: Code obfusque (score: 75). Signaux: hex_escapes, unicode_escapes, base64_eval (dist\compiled\terser\bundle.min.js)
547
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: unicode_escapes, base64_eval (dist\compiled\webpack\bundle5.js)
548
- [LOW] obfuscation_detected: Code obfusque (score: 55). Signaux: long_single_lines, base64_eval (dist\compiled\zod\index.cjs)
549
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\compiled\@edge-runtime\primitives\load.js)
550
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (request, get, get, get, get, get, get, get, get) (dist\compiled\@mswjs\interceptors\ClientRequest\index.js)
551
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\compiled\@vercel\nft\index.js)
552
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_config_arch, os.arch, npm_config_platform, os.platform, process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, eval, eval, get, get, eval, eval, eval, eval, eval) (dist\compiled\@vercel\nft\index.js)
553
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (FIGMA_PERSONAL_ACCESS_TOKEN) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, fetch, get, fetch, fetch, fetch, fetch, fetch, fetch, get, fetch, fetch, fetch) (dist\compiled\@vercel\og\index.edge.js)
554
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (FIGMA_PERSONAL_ACCESS_TOKEN) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, fetch, get, fetch, fetch, fetch, fetch, fetch, fetch, get, fetch, fetch) (dist\compiled\@vercel\og\index.node.js)
555
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], matchToToken, readFile, process.env[dynamic], readFile, process.env[dynamic], process.env[dynamic], TokenContext, process.env[dynamic], process.env[dynamic], TokenContext, TokenContext, process.env[dynamic], TokenContext, TokenContext, TokenContext, process.env[dynamic], process.env[dynamic], TokenContext, TokenContext, TokenContext, TokenContext, TokenContext, TokenContext, TokenContext, TokenContext, TokenContext, TokenContext, TokenContext, TokenContext, process.env[dynamic], key, key, process.env[dynamic], process.env[dynamic], process.env[dynamic], isKeyword, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], key, key, key, process.env[dynamic], key, process.env[dynamic], process.env[dynamic], process.env[dynamic], 
process.env[dynamic], process.env[dynamic], process.env[dynamic], key, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], tokens, key, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, 
get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\babel\bundle.js)
556
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], HOME, LOGNAME, USER, USERNAME, USERPROFILE, matchToToken, key, key, process.env[dynamic], process.env[dynamic], process.env[dynamic], isKeyword, process.env[dynamic], process.env[dynamic], process.env[dynamic], key, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], GET_VISITOR_KEYS, GET_TOKEN_LABELS) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, 
get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, 
get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\babel-packages\packages-bundle.js)
557
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey) + network send (get, get) (dist\compiled\crypto-browserify\index.js)
558
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\compiled\edge-runtime\index.js)
559
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\jsonwebtoken\index.js)
560
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFile, readFile, readFile) + network send (get, get, get, get, fs.toString, fs.toString, fs.hasOwnProperty, get, get, get, get, fs.toString, get, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, fs.toString, fs.toString, get, fs.toString, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fs.toString, get, get, get, get, get, fs.toString, get, get, fs.toString, fs.toString, fs.toString, get, fs.toString, get, get, get, get, get, get, get, get, fs.toString, fs.toString, get, get, get, get, fs.toString, fs.toString, get, fs.toString, fs.toString, fs.toString, fs.toString, get, get, fs.toString, get, get, get, get, get, get, get, get, fs.toString, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, fs.hasOwnProperty, get, get, get, get, fs.toString, fs.toString, fetch, get, get, get, 
get, get, fetch, get, get, get, get, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, get, get, fetch, get, get, fetch, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
561
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFile, readFile, readFile) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
562
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFile, readFile, readFile) + network send (get, get, get, get, fs.toString, fs.toString, fs.hasOwnProperty, get, get, get, get, fs.toString, get, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, fs.toString, fs.toString, fs.toString, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fs.toString, get, get, get, get, get, fs.toString, get, get, fs.toString, fs.toString, fs.toString, get, fs.toString, get, get, get, get, get, get, get, get, fs.toString, fs.toString, get, get, get, get, fs.toString, fs.toString, get, fs.toString, fs.toString, fs.toString, fs.toString, get, fs.toString, get, get, get, get, get, get, get, get, fs.toString, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, fs.hasOwnProperty, get, get, get, get, fs.toString, fs.toString, fetch, 
get, get, get, get, get, fetch, get, get, get, get, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, get, get, fetch, get, get, fetch, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\app-page-turbo-experimental.runtime.prod.js)
563
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFile, readFile, readFile) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\app-page-turbo-experimental.runtime.prod.js)
564
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFile, readFile, readFile) + network send (get, get, get, get, fs.toString, fs.toString, fs.hasOwnProperty, get, get, get, get, fs.toString, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, fs.toString, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, fs.toString, get, fs.toString, fs.toString, fs.toString, get, fs.toString, get, get, get, get, get, get, fs.toString, fs.toString, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, get, get, get, get, fs.toString, get, get, get, fs.toString, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, fs.hasOwnProperty, get, get, get, get, fs.toString, fs.toString, fetch, get, get, get, get, get, fetch, get, get, get, get, fs.hasOwnProperty, fs.hasOwnProperty, 
fs.hasOwnProperty, get, get, fetch, get, get, fetch, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\app-page-turbo.runtime.prod.js)
565
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFile, readFile, readFile) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\app-page-turbo.runtime.prod.js)
566
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFile, readFile, readFile) + network send (get, get, get, get, fs.toString, fs.toString, fs.hasOwnProperty, get, get, get, get, fs.toString, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, get, fs.toString, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, fs.toString, get, fs.toString, fs.toString, fs.toString, get, fs.toString, get, get, get, get, get, get, fs.toString, fs.toString, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, fs.toString, get, get, get, get, get, get, get, get, fs.toString, get, get, get, fs.toString, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, fs.hasOwnProperty, get, get, get, get, fs.toString, fs.toString, fetch, get, get, get, get, get, fetch, get, get, get, get, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, get, get, 
fetch, get, get, fetch, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\app-page.runtime.prod.js)
567
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFile, readFile, readFile) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\app-page.runtime.prod.js)
568
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.toString, fs.toString, readFile, readFile, readFile, fs.toString, fs.toString, fs.toString) + network send (get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, get, get, get, get, fs.toString, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\app-route-experimental.runtime.prod.js)
569
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.toString, fs.toString, readFile, readFile, readFile, fs.toString, fs.toString, fs.toString) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\app-route-experimental.runtime.prod.js)
570
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.toString, fs.toString, readFile, readFile, readFile, fs.toString, fs.toString, fs.toString) + network send (get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, get, get, get, get, fs.toString, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\app-route-turbo-experimental.runtime.prod.js)
571
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.toString, fs.toString, readFile, readFile, readFile, fs.toString, fs.toString, fs.toString) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\app-route-turbo-experimental.runtime.prod.js)
572
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.toString, readFile, readFile, readFile, fs.toString, fs.toString, fs.toString) + network send (get, get, get, get, fs.toString, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, get, get, get, get, fs.toString, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\app-route-turbo.runtime.prod.js)
573
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.toString, readFile, readFile, readFile, fs.toString, fs.toString, fs.toString) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\app-route-turbo.runtime.prod.js)
574
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.toString, readFile, readFile, readFile, fs.toString, fs.toString, fs.toString) + network send (get, get, get, get, fs.toString, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, get, get, get, get, fs.toString, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\app-route.runtime.prod.js)
575
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.toString, readFile, readFile, readFile, fs.toString, fs.toString, fs.toString) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\app-route.runtime.prod.js)
576
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (readFile, readFile, readFile, fs.toString) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fetch, get, get) (dist\compiled\next-server\pages-api-turbo.runtime.prod.js)
577
- [LOW] credential_tampering: Cache poisoning: sensitive data access (readFile, readFile, readFile, fs.toString) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\pages-api-turbo.runtime.prod.js)
578
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (readFile, readFile, readFile, fs.toString) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fetch, get, get) (dist\compiled\next-server\pages-api.runtime.prod.js)
579
- [LOW] credential_tampering: Cache poisoning: sensitive data access (readFile, readFile, readFile, fs.toString) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\pages-api.runtime.prod.js)
580
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (readFile, readFile, readFile, fs.hasOwnProperty) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.hasOwnProperty, get) (dist\compiled\next-server\pages-turbo.runtime.prod.js)
581
- [LOW] credential_tampering: Cache poisoning: sensitive data access (readFile, readFile, readFile, fs.hasOwnProperty) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\pages-turbo.runtime.prod.js)
582
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (readFile, readFile, readFile, fs.hasOwnProperty) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.hasOwnProperty, get) (dist\compiled\next-server\pages.runtime.prod.js)
583
- [LOW] credential_tampering: Cache poisoning: sensitive data access (readFile, readFile, readFile, fs.hasOwnProperty) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\pages.runtime.prod.js)
584
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], DOTENV_KEY, DOTENV_KEY, DOTENV_KEY, readFileSync, password, key, process.env[dynamic], process.env[dynamic], process.env[dynamic], readFileSync, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], key, key, key, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], readFile, readFile, readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], readFileSync, process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\next-server\server.runtime.prod.js)
585
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], DOTENV_KEY, DOTENV_KEY, DOTENV_KEY, readFileSync, password, key, process.env[dynamic], process.env[dynamic], process.env[dynamic], readFileSync, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], key, key, key, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], readFile, readFile, readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], readFileSync, process.env[dynamic]) + write to sensitive path (writeFile, writeFile) (dist\compiled\next-server\server.runtime.prod.js)
586
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], keyword, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get) (dist\compiled\ora\index.js)
587
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get) (dist\compiled\postcss-safe-parser\safe-parse.js)
588
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\compiled\sass-loader\cjs.js)
589
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (USER) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\tar\index.js)
590
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (readFile, readFileSync, readdirSync, readdirSync, readdirSync, readFileSync, readFileSync, readFileSync, readdir, readFile, process.env[dynamic], process.env[dynamic], readFile, readFile, readdir, readdir, readdir, readFile, readFileSync, readFile, readFile, readFile) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, 
get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\compiled\webpack\bundle5.js)
591
- [LOW] credential_tampering: Cache poisoning: sensitive data access (readFile, readFileSync, readdirSync, readdirSync, readdirSync, readFileSync, readFileSync, readFileSync, readdir, readFile, process.env[dynamic], process.env[dynamic], readFile, readFile, readdir, readdir, readdir, readFile, readFileSync, readFile, readFile, readFile) + write to sensitive path (writeFile, writeFile, writeFile) (dist\compiled\webpack\bundle5.js)
592
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.freemem) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\esm\build\index.js)
593
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (fetch) (dist\esm\lib\download-swc.js)
594
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get) (dist\esm\server\config.js)
595
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.cpus, os.platform, os.freemem, os.totalmem) + network send (get) (dist\esm\server\lib\start-server.js)
596
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (__NEXT_FETCH_CACHE_KEY_PREFIX) + network send (get, get, get, get, get, get, get, get) (dist\esm\server\web\adapter.js)
597
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get, fetch) (dist\lib\download-swc.js)
598
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get) (dist\server\config.js)
599
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (__NEXT_FETCH_CACHE_KEY_PREFIX) + network send (get, get, get, get, get, get, get, get) (dist\server\web\adapter.js)
600
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\build\polyfills\polyfill-nomodule.js)
601
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\build\polyfills\polyfill-nomodule.js → dist\compiled\@mswjs\interceptors\ClientRequest\index.js) (dist\compiled\@mswjs\interceptors\ClientRequest\index.js)
602
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\compiled\@mswjs\interceptors\ClientRequest\index.js)
603
- [LOW] intent_credential_exfil: Intent coherence: credential_read → file_tamper (dist\compiled\next-server\app-page-experimental.runtime.prod.js)
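Review bot: the removed suspicious_dataflow and credential_tampering entries at lines 560 to 599 of the deleted file list the same source and sink names dozens of times per finding (fs.toString, get, process.env[dynamic]), so if this evaluation output is still generated outside the package, the reporter should deduplicate each list and print a count per name. The same entries record fs.toString, fs.hasOwnProperty, os.freemem, os.platform and os.cpus as "credentials read" and bare get calls as "network send" in bundled files such as dist\compiled\next-server\server.runtime.prod.js and dist\compiled\webpack\bundle5.js. Deleting the log removes the only visible record of that classification, so it is worth capturing those cases as regression fixtures for the dataflow rule before the file goes. The backslash paths also show the log was produced on Windows; normalising separators would keep future runs comparable across platforms.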
604
- gatsby: score 40
605
- [MEDIUM] lifecycle_script: Script "postinstall" detected. Common attack vector. (package.json)
606
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
607
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (cache-dir\commonjs\ssr-builtin-trackers\tracking-unsafe-module-wrapper.js)
608
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (cache-dir\loader.js)
609
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (cache-dir\ssr-builtin-trackers\tracking-unsafe-module-wrapper.js)
610
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\bootstrap\get-config-file.js)
611
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\bootstrap\load-config\index.js)
612
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\bootstrap\load-plugins\validate.js)
613
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\bootstrap\resolve-module-exports.js)
614
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\commands\develop.js)
615
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\develop.js)
616
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\serve.js)
617
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\internal-plugins\functions\gatsby-node.js)
618
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\internal-plugins\functions\middleware.js)
619
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\internal-plugins\functions\middleware.js)
620
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\internal-plugins\internal-data-bridge\gatsby-node.js)
621
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\internal-plugins\internal-data-bridge\gatsby-node.js)
622
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\internal-plugins\internal-data-bridge\gatsby-node.js)
623
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\utils\adapter\init.js)
624
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\utils\babel-loader-helpers.js)
625
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\utils\browserslist.js)
626
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\utils\clear-require-cache.js)
627
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\dev-ssr\render-dev-html-child.js)
628
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\utils\dev-ssr\render-dev-html-child.js)
629
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\utils\dev-ssr\render-dev-html.js)
630
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\dev-ssr\render-dev-html.js)
631
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\utils\feedback.js)
632
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\utils\flags.js)
633
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\get-latest-gatsby-files.js)
634
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\utils\import-gatsby-plugin.js)
635
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\utils\local-eslint-config-finder.js)
636
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\utils\nodes.js)
637
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\page-mode.js)
638
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\utils\parcel\compile-gatsby-files.js)
639
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\utils\parcel\compile-gatsby-files.js)
640
- [LOW] env_access: Access to sensitive variable process.env.GATSBY_REFRESH_TOKEN. (dist\utils\start-server.js)
641
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\start-server.js)
642
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\tracer\index.js)
643
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\utils\validate-engines\child.js)
644
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\webpack\plugins\webpack-logging.js)
645
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\utils\webpack.config.js)
646
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\utils\worker\child\index.js)
647
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\utils\worker\child\render-html.js)
648
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\worker\child\render-html.js)
649
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.platform) + network send (get, get, get) (dist\redux\actions\public.js)
650
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (GATSBY_REFRESH_TOKEN, GATSBY_REFRESH_TOKEN) + network send (get, post, get, get, get, get, get, get, get, get) (dist\utils\start-server.js)
651
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get) (dist\utils\worker\child\render-html.js)
652
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\bootstrap\load-config\index.js → dist\redux\actions\public.js) (dist\redux\actions\public.js)
653
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\utils\start-server.js)
654
- moleculer: score 100
655
- [HIGH] env_access: Access to sensitive variable process.env.DATADOG_API_KEY. (src\loggers\datadog.js)
656
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\loggers\datadog.js)
657
- [HIGH] env_access: Access to sensitive variable process.env.DATADOG_API_KEY. (src\metrics\reporters\datadog.js)
658
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\metrics\reporters\datadog.js)
659
- [CRITICAL] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (src\middlewares\hot-reload.js)
660
- [HIGH] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (src\middlewares\transmit\encryption.js)
661
- [HIGH] crypto_decipher: createDecipher() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (src\middlewares\transmit\encryption.js)
662
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\runner-esm.mjs)
663
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (src\runner-esm.mjs)
664
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\runner.js)
665
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\runner.js)
666
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\service-broker.js)
667
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\tracing\exporters\datadog-simple.js)
668
- [CRITICAL] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (src\utils.js)
669
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (DATADOG_API_KEY, os.hostname) + network send (fetch) (src\loggers\datadog.js)
670
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.hostname, DATADOG_API_KEY) + network send (fetch) (src\metrics\reporters\datadog.js)
671
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.hostname) + network send (get, get, get) (src\registry\node-catalog.js)
672
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.hostname, os.networkInterfaces) + network send (get) (src\utils.js)
673
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (src\loggers\datadog.js)
674
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: src\loggers\datadog.js → src\metrics\reporters\datadog.js) (src\metrics\reporters\datadog.js)
675
- keystone: score 100
676
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\11bbac-App\index.js)
677
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\11bbac-App\index.js)
678
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\17826a-App\index.js)
679
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\17826a-App\index.js)
680
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\4e1a5e-App\index.js)
681
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\4e1a5e-App\index.js)
682
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\56723d-App\index.js)
683
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\56723d-App\index.js)
684
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\609660-App\index.js)
685
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\609660-App\index.js)
686
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\707e02-App\index.js)
687
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\707e02-App\index.js)
688
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\771f81-App\index.js)
689
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\771f81-App\index.js)
690
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\95d2e3-App\index.js)
691
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\95d2e3-App\index.js)
692
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\9970f7-App\index.js)
693
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\9970f7-App\index.js)
694
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\9afdaf-App\index.js)
695
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\9afdaf-App\index.js)
696
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\a5d5b2-App\index.js)
697
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\a5d5b2-App\index.js)
698
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\bundles\js\f93540-App\index.js)
699
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\bundles\js\f93540-App\index.js)
700
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (admin\public\js\lib\codemirror\codemirror-compressed.js)
701
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\public\js\lib\codemirror\codemirror-compressed.js)
702
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (admin\public\js\lib\jquery\jquery-1.10.2.js)
703
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (admin\public\js\lib\jquery\jquery-1.10.2.js)
704
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\public\js\lib\jquery\jquery-1.10.2.min.js)
705
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (admin\public\js\packages.js)
706
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (admin\server\middleware\browserify.js)
707
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (build.js)
708
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (fields\types\location\LocationType.js)
709
- [HIGH] env_access: Access to sensitive variable process.env.SSL_KEY. (index.js)
710
- [HIGH] env_access: Access to sensitive variable process.env.COOKIE_SECRET. (index.js)
711
- [HIGH] env_access: Access to sensitive variable process.env.EMBEDLY_API_KEY. (index.js)
712
- [HIGH] env_access: Access to sensitive variable process.env.MANDRILL_API_KEY. (index.js)
713
- [HIGH] env_access: Access to sensitive variable process.env.GOOGLE_BROWSER_KEY. (index.js)
714
- [HIGH] env_access: Access to sensitive variable process.env.GOOGLE_SERVER_KEY. (index.js)
715
- [HIGH] env_access: Access to sensitive variable process.env.S3_KEY. (index.js)
716
- [HIGH] env_access: Access to sensitive variable process.env.S3_SECRET. (index.js)
717
- [HIGH] env_access: Access to sensitive variable process.env.AZURE_STORAGE_ACCESS_KEY. (index.js)
718
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\core\importer.js)
719
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\safeRequire.js)
720
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\updates.js)
721
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (admin\public\js\packages.js)
722
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (KEYSTONE_DEV, KEYSTONE_PREBUILD_ADMIN) + network send (get, get, get, get, get) (admin\server\app\createStaticRouter.js)
723
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (KEYSTONE_DEV, KEYSTONE_WRITE_BUNDLES, KEYSTONE_WRITE_DISC) + network send (get) (admin\server\middleware\browserify.js)
724
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (KEYSTONE_DEV) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (admin\server\routes\index.js)
725
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (SSL_KEY, COOKIE_SECRET, EMBEDLY_API_KEY, EMBEDLY_APIKEY, MANDRILL_API_KEY, MANDRILL_APIKEY, GOOGLE_BROWSER_KEY, GOOGLE_SERVER_KEY, S3_KEY, S3_SECRET, S3_KEY, S3_SECRET, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_ACCESS_KEY, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_ACCESS_KEY) + network send (get, get, get, get) (index.js)
726
- [LOW] js_obfuscation_pattern: Long base64 payload detected (284 chars) — possible encoded malicious code (fields\types\password\test\type.js)
727
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (admin\bundles\js\11bbac-App\index.js)
728
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: admin\bundles\js\11bbac-App\index.js → admin\server\app\createStaticRouter.js) (admin\server\app\createStaticRouter.js)
729
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (index.js)
730
- blitz: score 34
731
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\chunks\console.cjs)
732
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\chunks\console.cjs)
733
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\chunks\console.mjs)
734
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\chunks\console.mjs)
735
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\chunks\db.cjs)
736
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\chunks\db.mjs)
737
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\chunks\index2.cjs)
738
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\chunks\index2.mjs)
739
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\chunks\next-commands.cjs)
740
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\chunks\next-commands.mjs)
741
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\chunks\routes-manifest.cjs)
742
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\chunks\routes-manifest.mjs)
743
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.cpus) + network send (eval) (dist\chunks\routes-manifest.mjs)
744
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\chunks\routes-manifest.mjs)
745
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\chunks\routes-manifest.mjs)
746
- meteor: score 53
747
- [MEDIUM] lifecycle_script: Script "install" detected. Common attack vector. (package.json)
748
- [CRITICAL] dangerous_exec: Dangerous shell command in exec(): "powershell -c "$path = (Get-Item 'HKCU:\\Environment').GetValue('Path', '', 'DoN" (install.js)
749
- [CRITICAL] dangerous_exec: Dangerous command in template literal exec(): "powershell -c "$path = (Get-Item 'HKCU:\\Environment').GetValue('Path', '', 'DoN" — template literal evasion. (install.js)
750
- total.js: score 100
751
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (bundles.js)
752
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (flow.js)
753
- [HIGH] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (index.js)
754
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (index.js)
755
- [HIGH] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (index.js)
756
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (index.js)
757
- [HIGH] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (index.js)
758
- [HIGH] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (index.js)
759
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (index.js)
760
- [CRITICAL] zlib_inflate_eval: Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern. (index.js)
761
- [HIGH] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (index.js)
762
- [CRITICAL] fetch_decrypt_exec: Steganographic payload chain: remote fetch + crypto decryption + dynamic execution. No legitimate package uses this pattern. (index.js)
763
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (index.js)
764
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (internal.js)
765
- [HIGH] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (internal.js)
766
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (nosql.js)
767
- [HIGH] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (nosql.js)
768
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (nosqlcrawler.js)
769
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (nosqlworker.js)
770
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (nosqlworker.js)
771
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (tangular.js)
772
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (utils.js)
773
- [HIGH] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (utils.js)
774
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (utils.js)
775
- [CRITICAL] zlib_inflate_eval: Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern. (utils.js)
776
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (utils.js)
777
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync) + write to sensitive path (fs.writeFileSync) (bundles.js)
778
- [LOW] credential_tampering: Cache poisoning: sensitive data access (os.platform, os.release, fs.readdir) + write to sensitive path (fs.writeFile) (cluster.js)
779
- [LOW] credential_tampering: Cache poisoning: sensitive data access (os.platform, fs.readdir) + write to sensitive path (fs.writeFileSync) (debug.js)
780
- [CRITICAL] staged_payload: Network fetch + eval() in same file (staged payload execution). (index.js)
781
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.hostname, os.platform, os.arch, os.release, os.platform, fs.readFile, fs.readdirSync, fs.readFileSync, fs.readdirSync, fs.readdirSync, fs.readdirSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFile, fs.readFileSync, fs.readFileSync, os.platform, os.release, os.userInfo, os.networkInterfaces, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, process.env[dynamic], fs.readFileSync, fs.readdirSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, process.env[dynamic], fs.readFileSync, fs.readFileSync, fs.readFile, fs.readFile, fs.readFile) + network send (get, request, eval, eval, eval, eval, eval, request, get, https.get, request, https.request, get, http.get, request, http.request, get, request, get) (index.js)
782
- [LOW] credential_tampering: Cache poisoning: sensitive data access (os.hostname, os.platform, os.arch, os.release, os.platform, fs.readFile, fs.readdirSync, fs.readFileSync, fs.readdirSync, fs.readdirSync, fs.readdirSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFile, fs.readFileSync, fs.readFileSync, os.platform, os.release, os.userInfo, os.networkInterfaces, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, process.env[dynamic], fs.readFileSync, fs.readdirSync, fs.readFileSync, fs.readFileSync, fs.readFileSync, process.env[dynamic], fs.readFileSync, fs.readFileSync, fs.readFile, fs.readFile, fs.readFile) + write to sensitive path (fs.writeFile, fs.writeFileSync, fs.writeFileSync, fs.writeFileSync, fs.writeFileSync, fs.writeFileSync, fs.writeFileSync, fs.writeFileSync, fs.writeFileSync, fs.writeFileSync, fs.writeFile, fs.writeFileSync, fs.writeFile, fs.writeFileSync, fs.writeFile, fs.writeFile, fs.writeFile, fs.writeFile) (index.js)
783
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.readFileSync, fs.readFile, fs.readFileSync, fs.readFileSync, fs.readFileSync) + network send (eval, eval) (internal.js)
784
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.readFile, fs.readFileSync, fs.readdirSync, fs.readFileSync, fs.readdir, fs.readdir, fs.readdir, fs.readdir, fs.readdir, fs.readFileSync) + network send (eval, eval) (nosql.js)
785
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.readFile, fs.readFileSync, fs.readdirSync, fs.readFileSync, fs.readdir, fs.readdir, fs.readdir, fs.readdir, fs.readdir, fs.readFileSync) + write to sensitive path (fs.writeFileSync, fs.writeFile, fs.writeFile, fs.writeFile, fs.writeFile) (nosql.js)
786
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.readFileSync) + network send (get, get, get, get, get, get, get) (session.js)
787
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs.readFileSync) + write to sensitive path (fs.writeFile) (session.js)
788
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], fs.readdir, fs.readFile) + network send (dns.resolve4, dns.resolve4, request, socket.connect, tls.connect, request, get, request, request, get, request, request) (utils.js)
789
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], fs.readdir, fs.readFile) + write to sensitive path (fs.writeFile, fs.writeFile, fs.writeFile, fs.writeFile, fs.writeFile) (utils.js)
790
- [MEDIUM] high_entropy_string: High entropy string (5.50 bits, 823 chars) — possible base64/hex/encrypted payload (nosql.js)
791
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (index.js)
792
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (index.js)
793
- [HIGH] intent_credential_exfil: Intent coherence: credential_read → file_tamper (index.js)
794
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: index.js → internal.js) (internal.js)
795
- react-dom: score 31
796
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\react-dom-client.development.js)
797
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\react-dom-profiling.development.js)
798
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\react-dom-server-legacy.browser.development.js)
799
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\react-dom-server-legacy.node.development.js)
800
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\react-dom-server.browser.development.js)
801
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\react-dom-server.bun.development.js)
802
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\react-dom-server.edge.development.js)
803
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\react-dom-server.node.development.js)
804
- @angular/core: score 33
805
- [LOW] env_access: Dynamic access to process.env (variable key). (schematics\bundles\project_paths-D2V-Uh2L.cjs)
806
- [LOW] env_access: Dynamic access to process.env (variable key). (schematics\bundles\signal-input-migration.cjs)
807
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get) (schematics\bundles\project_paths-D2V-Uh2L.cjs)
808
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (schematics\bundles\signal-input-migration.cjs)
809
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (schematics\bundles\project_paths-D2V-Uh2L.cjs)
810
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: schematics\bundles\project_paths-D2V-Uh2L.cjs → schematics\bundles\signal-input-migration.cjs) (schematics\bundles\signal-input-migration.cjs)
811
- @angular/common: score 43
812
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (fesm2022\_module-chunk.mjs)
813
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: fesm2022\_module-chunk.mjs → fesm2022/_module-chunk.mjs) (fesm2022/_module-chunk.mjs)
814
- svelte: score 27
815
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (src\internal\server\crypto.js)
816
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (compiler\index.js)
817
- [HIGH] high_entropy_string: High entropy string (7.63 bits, 929 chars) — possible base64/hex/encrypted payload (compiler\index.js)
818
- [HIGH] high_entropy_string: High entropy string (7.24 bits, 567 chars) — possible base64/hex/encrypted payload (compiler\index.js)
819
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (compiler\index.js)
820
- riot: score 100
821
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (cjs\riot+compiler.cjs)
822
- [MEDIUM] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (cjs\riot+compiler.cjs)
823
- [CRITICAL] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (cjs\riot+compiler.cjs)
824
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\riot+compiler.cjs)
825
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (esm\compiler\evaluate.js)
826
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (esm\dependencies\@riotjs\compiler\dist\compiler.essential.js)
827
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (esm\utils\create-runtime-slots.js)
828
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (riot+compiler.js)
829
- [MEDIUM] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (riot+compiler.js)
830
- [CRITICAL] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (riot+compiler.js)
831
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (riot+compiler.js)
832
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (riot+compiler.min.js)
833
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (riot+compiler.min.js)
834
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (riot+compiler.min.js)
835
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (cjs\riot+compiler.cjs)
836
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: cjs\riot+compiler.cjs → esm/compiler/compile-from-url.js) (esm/compiler/compile-from-url.js)
837
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (riot+compiler.min.js)
838
- stencil: score 35
839
- [HIGH] dangerous_call_function: Function.apply() — indirect execution via call/apply evasion technique. (index.js)
840
- [CRITICAL] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (index.js)
841
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (javascript\common.js)
842
- ember-source: score 38
843
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\ember-template-compiler.js)
844
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\ember-template-compiler.js)
845
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\ember-testing.js)
846
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\ember.debug.js)
847
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\ember.debug.js)
848
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\ember.debug.js)
849
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\ember.debug.js)
850
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\ember.prod.js)
851
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\ember.prod.js)
852
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\ember.prod.js)
853
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\ember.prod.js)
854
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\packages\@ember\template-compiler\lib\compile-options.js)
855
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\packages\@ember\template-compiler\lib\template.js)
856
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\packages\@glimmer\runtime\index.js)
857
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\index.js)
858
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\ember.debug.js → types/stable/@ember/application/index.d.ts) (types/stable/@ember/application/index.d.ts)
859
- htmx.org: score 49
860
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\ext\include-vals.js)
861
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\htmx.amd.js)
862
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\htmx.amd.js)
863
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\htmx.amd.js)
864
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\htmx.amd.js)
865
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\htmx.amd.js)
866
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\htmx.cjs.js)
867
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\htmx.cjs.js)
868
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\htmx.cjs.js)
869
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\htmx.cjs.js)
870
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\htmx.cjs.js)
871
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\htmx.esm.js)
872
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\htmx.esm.js)
873
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\htmx.esm.js)
874
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\htmx.esm.js)
875
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\htmx.esm.js)
876
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\htmx.js)
877
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\htmx.js)
878
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\htmx.js)
879
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\htmx.js)
880
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\htmx.js)
881
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\htmx.min.js)
882
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\htmx.min.js)
883
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\htmx.min.js)
884
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\htmx.amd.js)
885
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\htmx.cjs.js)
886
- [HIGH] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\htmx.esm.js)
887
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\htmx.js)
888
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\htmx.min.js)
889
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\htmx.amd.js)
890
- million: score 100
891
- [MEDIUM] sandbox_evasion: Sandbox/container detection via statSync("/.dockerenv") — anti-analysis technique. (dist\packages\compiler.cjs)
892
- [MEDIUM] sandbox_evasion: Sandbox/container detection via statSync("/.dockerenv") — anti-analysis technique. (dist\packages\compiler.mjs)
893
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\packages\react-server.cjs)
894
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\packages\react-server.mjs)
895
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_config_user_agent, npm_config_user_agent) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, post) (dist\packages\compiler.cjs)
896
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], os.homedir, npm_config_user_agent, npm_config_user_agent, os.release, os.cpus, os.platform, os.release, os.arch, os.totalmem) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, post) (dist\packages\compiler.mjs)
897
- [HIGH] intent_command_exfil: Intent coherence: command_output → network_external (dist\packages\compiler.cjs)
898
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\packages\react-server.cjs → dist\packages\compiler.cjs) (dist\packages\compiler.cjs)
899
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\packages\compiler.cjs)
900
- webpack: score 81
901
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
902
- [LOW] dynamic_import: Dynamic import() of dangerous module "https". (hot\load-http.js)
903
- [LOW] dynamic_import: Dynamic import() of dangerous module "http". (hot\load-http.js)
904
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\DotenvPlugin.js)
905
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\EnvironmentPlugin.js)
906
- [HIGH] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (lib\FileSystemInfo.js)
907
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\hmr\HotModuleReplacement.runtime.js)
908
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\hmr\JavascriptHotModuleReplacement.runtime.js)
909
- [HIGH] vm_code_execution: vm.runInThisContext() — dynamic code execution via Node.js vm module bypasses eval detection. (lib\javascript\JavascriptModulesPlugin.js)
910
- [MEDIUM] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (lib\ProgressPlugin.js)
911
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\serialization\ObjectMiddleware.js)
912
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (lib\util\binarySearchBounds.js)
913
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\JsonpChunkLoadingRuntimeModule.js)
914
- [MEDIUM] high_entropy_string: High entropy string (5.70 bits, 52 chars) — possible base64/hex/encrypted payload (lib\util\hash\hash-digest.js)
915
- [MEDIUM] high_entropy_string: High entropy string (5.86 bits, 58 chars) — possible base64/hex/encrypted payload (lib\util\hash\hash-digest.js)
916
- [MEDIUM] high_entropy_string: High entropy string (5.95 bits, 62 chars) — possible base64/hex/encrypted payload (lib\util\hash\hash-digest.js)
917
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2868 chars) — possible encoded malicious code (lib\util\hash\md4.js)
918
- [LOW] js_obfuscation_pattern: Long base64 payload detected (1548 chars) — possible encoded malicious code (lib\util\hash\xxhash64.js)
919
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\DotenvPlugin.js → lib/schemes/HttpUriPlugin.js) (lib/schemes/HttpUriPlugin.js)
920
- webpack-dev-server: score 91
921
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
922
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (client\index.js)
923
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (client\modules\sockjs-client\index.js)
924
- [MEDIUM] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (lib\Server.js)
925
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\Server.js)
926
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\Server.js)
927
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.networkInterfaces, os.networkInterfaces, os.hostname) + network send (get) (lib\Server.js)
928
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\Server.js)
929
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\Server.js → client/overlay.js) (client/overlay.js)
930
- vite: score 100
931
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\client\client.mjs)
932
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\client\client.mjs)
933
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\node\chunks\build2.js)
934
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\node\chunks\build2.js)
935
- [MEDIUM] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\node\chunks\config.js)
936
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\node\chunks\config.js)
937
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\node\chunks\config.js)
938
- [MEDIUM] worker_thread_exec: new Worker() with eval:true — executes arbitrary code in worker thread, bypasses main thread detection. (dist\node\chunks\config.js)
939
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\node\chunks\config.js)
940
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\node\chunks\config.js)
941
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\node\chunks\config.js)
942
- [MEDIUM] env_access: Access to sensitive variable process.env.DOTENV_KEY. (dist\node\chunks\config.js)
943
- [MEDIUM] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\node\chunks\config.js)
944
- [HIGH] dangerous_exec: Dangerous shell command in exec(): "powershell -NoProfile -Command "[Console]::OutputEncoding=[Text.Encoding]::UTF8;" (dist\node\chunks\config.js)
945
- [LOW] dynamic_import: Dynamic import() of dangerous module "node:http". (dist\node\chunks\config.js)
946
- [MEDIUM] sandbox_evasion: Sandbox/container detection via statSync("/.dockerenv") — anti-analysis technique. (dist\node\chunks\config.js)
947
- [MEDIUM] env_harvesting_dynamic: Dynamic environment variable harvesting with sensitive pattern matching. Credential theft technique. (dist\node\chunks\config.js)
948
- [CRITICAL] reverse_shell: JavaScript reverse shell: net.Socket + connect() + pipe to shell process stdin/stdout. (dist\node\chunks\config.js)
949
- [MEDIUM] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\node\chunks\config.js)
950
- [CRITICAL] fetch_decrypt_exec: Steganographic payload chain: remote fetch + crypto decryption + dynamic execution. No legitimate package uses this pattern. (dist\node\chunks\config.js)
951
- [HIGH] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\node\chunks\config.js)
952
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\node\chunks\config.js)
953
- [MEDIUM] stream_credential_intercept: Stream class (Transform/Duplex/Writable) with credential regex scanning + network call — data-in-transit credential wiretap. (dist\node\chunks\config.js)
954
- [HIGH] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\node\chunks\config.js)
955
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\node\module-runner.js)
956
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\node\module-runner.js)
957
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: unicode_escapes, base64_eval (dist\node\chunks\config.js)
958
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], os.networkInterfaces, npm_config_user_agent, os.cpus, DOTENV_KEY, DOTENV_KEY, DOTENV_KEY, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], os.release, npm_config_user_agent) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, request, tls.connect, get, get, get, get, get, get, request, request, request, request, request, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\node\chunks\config.js)
959
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\client\client.mjs → dist\node\chunks\config.js) (dist\node\chunks\config.js)
960
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\node\chunks\config.js)
961
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\node\chunks\config.js)
962
- [HIGH] intent_command_exfil: Intent coherence: command_output → exec_sink (dist\node\chunks\config.js)
963
- [HIGH] intent_command_exfil: Intent coherence: command_output → network_external (dist\node\chunks\config.js)
964
- esbuild: score 100
965
- [MEDIUM] lifecycle_script: Script "postinstall" detected. Common attack vector. (package.json)
966
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (install.js)
967
- [CRITICAL] download_exec_binary: Download-execute pattern: remote fetch + chmod executable + execSync in same file. Binary dropper camouflaged as native addon build. (install.js)
968
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (os.arch, os.platform, fs.readdirSync, fs.readFileSync, os.platform) + network send (fetch, get, https.get, fetch) (install.js)
969
- [CRITICAL] credential_tampering: Cache poisoning: sensitive data access (os.arch, os.platform, fs.readdirSync, fs.readFileSync, os.platform) + write to sensitive path (fs.writeFileSync, fs.writeFileSync, fs.writeFileSync, fs.writeFileSync) (install.js)
970
- [HIGH] suspicious_dataflow: Suspicious flow: command output (os.arch, fs.readFileSync, fs.readFile, child_process.spawn) + network send (get) (lib\main.js)
971
- [CRITICAL] credential_tampering: Cache poisoning: sensitive data access (os.arch, fs.readFileSync, fs.readFile, child_process.spawn) + write to sensitive path (fs.writeFileSync, fs.writeFile) (lib\main.js)
972
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (install.js)
973
- [HIGH] intent_credential_exfil: Intent coherence: credential_read → file_tamper (install.js)
974
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: install.js → lib\main.js) (lib\main.js)
975
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (install.js)
976
- rollup: score 40
977
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
978
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\es\shared\node-entry.js)
979
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\es\shared\node-entry.js)
980
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\native.js)
981
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\shared\loadConfigFile.js)
982
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\shared\loadConfigFile.js)
983
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\shared\loadConfigFile.js)
984
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\shared\rollup.js)
985
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\shared\rollup.js)
986
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.type) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\es\shared\watch.js)
987
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (os.platform, os.type) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\shared\index.js)
988
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\es\shared\node-entry.js → dist\es\shared\watch.js) (dist\es\shared\watch.js)
989
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\es\shared\watch.js)
990
- @swc/core: score 81
991
- [MEDIUM] lifecycle_script: Script "postinstall" detected. Common attack vector. (package.json)
992
- [MEDIUM] lifecycle_script: Script "prepack" detected. Common attack vector. (package.json)
993
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (index.js)
994
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (index.js)
995
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (postinstall.js)
996
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (postinstall.js)
997
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (spack.js)
998
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (postinstall.js)
999
- @swc/cli: score 26
1000
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\swcx\index.js)
1001
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\swcx\index.js)
1002
- tsup: score 34
1003
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\chunk-TWFEYLU4.js)
1004
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\rollup.js)
1005
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (HOME, LOGNAME, USER, USERNAME, USERPROFILE) + network send (get, get, get, get, get, get) (dist\rollup.js)
1006
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\rollup.js)
1007
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\rollup.js)
1008
- @babel/core: score 23
1009
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\config\files\import.cjs)
1010
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\config\files\module-types.js)
1011
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\config\files\module-types.js)
1012
- terser: score 29
1013
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
1014
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\bundle.min.js)
1015
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\parse.js)
1016
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: hex_escapes, unicode_escapes, string_array, base64_eval (dist\bundle.min.js)
1017
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (lib\parse.js)
1018
- [MEDIUM] high_entropy_string: High entropy string (5.75 bits, 54 chars) — possible base64/hex/encrypted payload (lib\scope.js)
1019
- oclif: score 22
1020
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
1021
- [MEDIUM] lifecycle_script: Script "prepack" detected. Common attack vector. (package.json)
1022
- [LOW] env_access: Access to sensitive variable process.env.AWS_ACCESS_KEY_ID. (lib\aws.js)
1023
- [LOW] env_access: Access to sensitive variable process.env.AWS_SECRET_ACCESS_KEY. (lib\aws.js)
1024
- [LOW] env_access: Access to sensitive variable process.env.AWS_SESSION_TOKEN. (lib\aws.js)
1025
- [LOW] env_access: Access to sensitive variable process.env.GITHUB_TOKEN. (lib\commands\generate.js)
1026
- [LOW] env_access: Access to sensitive variable process.env.GH_TOKEN. (lib\commands\generate.js)
1027
- listr2: score 59
1028
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\index.mjs)
1029
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, fetch, fetch, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\index.mjs)
1030
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\index.mjs)
1031
- tasuku: score 66
1032
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (dist\index.cjs)
1033
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (dist\index.mjs)
1034
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.homedir, os.release) + network send (get, get) (dist\index.cjs)
1035
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\index.cjs)
1036
- blessed: score 76
1037
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (example\blessed-telnet.js)
1038
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (example\blessed-telnet.js)
1039
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (lib\tput.js)
1040
- [HIGH] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (lib\widget.js)
1041
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (HOME, HOME) + network send (child_process.execSync, child_process.execSync) (lib\widgets\screen.js)
1042
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\widgets\screen.js)
1043
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\widgets\screen.js → lib/gpmclient.js) (lib/gpmclient.js)
1044
- mocha: score 50
1045
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\cli\config.js)
1046
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\cli\run-helpers.js)
1047
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\cli\run-helpers.js)
1048
- [CRITICAL] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (lib\cli\watch-run.js)
1049
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\mocha.js)
1050
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\mocha.js)
1051
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\nodejs\esm-utils.js)
1052
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\nodejs\esm-utils.js)
1053
- [CRITICAL] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (lib\nodejs\file-unloader.js)
1054
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (lib\nodejs\worker.js)
1055
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (mocha.js)
1056
- vitest: score 100
1057
- [MEDIUM] prototype_hook: WebSocket.prototype.addEventListener overridden — native API hooking for traffic interception. (dist\chunks\cli-api.B7PN_QUv.js)
1058
- [MEDIUM] prototype_hook: WebSocket.prototype.removeEventListener overridden — native API hooking for traffic interception. (dist\chunks\cli-api.B7PN_QUv.js)
1059
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\chunks\cli-api.B7PN_QUv.js)
1060
- [CRITICAL] reverse_shell: JavaScript reverse shell: net.Socket + connect() + pipe to shell process stdin/stdout. (dist\chunks\cli-api.B7PN_QUv.js)
1061
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\cli-api.B7PN_QUv.js)
1062
- [MEDIUM] stream_credential_intercept: Stream class (Transform/Duplex/Writable) with credential regex scanning + network call — data-in-transit credential wiretap. (dist\chunks\cli-api.B7PN_QUv.js)
1063
- [MEDIUM] prototype_hook: global.Request overridden — native API hooking for traffic interception. (dist\chunks\index.CyBMJtT7.js)
1064
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\index.CyBMJtT7.js)
1065
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\chunks\init.B6MLFIaN.js)
1066
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\chunks\init.B6MLFIaN.js)
1067
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\chunks\startModuleRunner.DEj0jb3e.js)
1068
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\chunks\traces.CCmnQaNT.js)
1069
- [LOW] dangerous_call_eval: Indirect eval via alias "eval2" — eval wrapper evasion. (dist\chunks\vi.2VT5v0um.js)
1070
- [LOW] vm_code_execution: new vm.Script() with dynamic code — vm module code compilation bypasses eval detection. (dist\chunks\vm.D3epNOPZ.js)
1071
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (dist\chunks\vm.D3epNOPZ.js)
1072
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (dist\chunks\vm.D3epNOPZ.js)
1073
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\chunks\vm.D3epNOPZ.js)
1074
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\chunks\vm.D3epNOPZ.js)
1075
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\chunks\vm.D3epNOPZ.js)
1076
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\chunks\vm.D3epNOPZ.js)
1077
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\chunks\vm.D3epNOPZ.js)
1078
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "identifier" (plugin loader pattern). (dist\chunks\vm.D3epNOPZ.js)
1079
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\module-evaluator.js)
1080
- [LOW] vm_code_execution: vm.runInThisContext() — dynamic code execution via Node.js vm module bypasses eval detection. (dist\module-evaluator.js)
1081
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\module-evaluator.js)
1082
- [HIGH] env_proxy_intercept: new Proxy(process.env) detected — intercepts all environment variable access. (dist\module-evaluator.js)
1083
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (npm_config_user_agent, process.env[dynamic], process.env[dynamic], npm_config_VITEST_MODULE_DIRECTORIES, process.env[dynamic]) + network send (request, request, net.connect, tls.connect, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\chunks\cli-api.B7PN_QUv.js)
1084
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, fetch, get, post) (dist\chunks\init.B6MLFIaN.js)
1085
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get) (dist\module-evaluator.js)
1086
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\chunks\cli-api.B7PN_QUv.js)
1087
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\chunks\cli-api.B7PN_QUv.js → dist\chunks\init.B6MLFIaN.js) (dist\chunks\init.B6MLFIaN.js)
1088
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\module-evaluator.js)
1089
- jasmine: score 21
1090
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\command.js)
1091
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\loader.js)
1092
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\loader.js)
1093
- karma: score 23
1094
- [MEDIUM] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (lib\cli.js)
1095
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\config.js)
1096
- [HIGH] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (lib\init.js)
1097
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\plugin.js)
1098
- [HIGH] dynamic_require: Dynamic require() with template literal (module name obfuscation). (lib\reporter.js)
1099
- [HIGH] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (lib\server.js)
1100
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (wallaby.js)
1101
- c8: score 65
1102
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (fs.readdirSync, fs.readdirSync, fs.readFileSync) + network send (get, get) (lib\report.js)
1103
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\report.js)
1104
- sinon: score 23
1105
- [MEDIUM] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (pkg\sinon-esm.js)
1106
- [HIGH] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (pkg\sinon-esm.js)
1107
- [HIGH] dangerous_call_eval: Indirect eval via alias "eval2" — eval wrapper evasion. (pkg\sinon-esm.js)
1108
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (pkg\sinon-no-sourcemaps.cjs)
1109
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (pkg\sinon-no-sourcemaps.cjs)
1110
- [LOW] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (pkg\sinon-no-sourcemaps.cjs)
1111
- [LOW] dangerous_call_eval: Indirect eval via alias "eval2" — eval wrapper evasion. (pkg\sinon-no-sourcemaps.cjs)
1112
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (pkg\sinon.js)
1113
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (pkg\sinon.js)
1114
- [LOW] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (pkg\sinon.js)
1115
- [LOW] dangerous_call_eval: Indirect eval via alias "eval2" — eval wrapper evasion. (pkg\sinon.js)
1116
- nock: score 43
1117
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\common.js)
1118
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\common.js → lib/intercept.js) (lib/intercept.js)
1119
- msw: score 100
1120
- [MEDIUM] lifecycle_script: Script "postinstall" detected. Common attack vector. (package.json)
1121
- [HIGH] node_inline_exec: Dangerous pattern "node_inline_exec" in script "postinstall". (package.json)
1122
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\browser\index.js)
1123
- [HIGH] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (lib\browser\index.js)
1124
- [HIGH] prototype_hook: globalThis.XMLHttpRequest overridden — native API hooking for traffic interception. (lib\browser\index.js)
1125
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\browser\index.js)
1126
- [CRITICAL] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (lib\browser\index.js)
1127
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\browser\index.mjs)
1128
- [HIGH] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (lib\browser\index.mjs)
1129
- [HIGH] prototype_hook: globalThis.XMLHttpRequest overridden — native API hooking for traffic interception. (lib\browser\index.mjs)
1130
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\browser\index.mjs)
1131
- [CRITICAL] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (lib\browser\index.mjs)
1132
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\core\sse.js)
1133
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\core\sse.mjs)
1134
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (lib\iife\index.js)
1135
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\iife\index.js)
1136
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (lib\iife\index.js)
1137
- [LOW] prototype_hook: globalThis.XMLHttpRequest overridden — native API hooking for traffic interception. (lib\iife\index.js)
1138
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\iife\index.js)
1139
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (lib\iife\index.js)
1140
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get) (lib\browser\index.js)
1141
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get) (lib\browser\index.mjs)
1142
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get) (lib\iife\index.js)
1143
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\browser\index.js)
1144
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\browser\index.js → lib\browser\index.mjs) (lib\browser\index.mjs)
1145
- storybook: score 89
1146
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\core-server\presets\common-manager.js)
1147
- [LOW] dangerous_exec: Dangerous shell command in exec(): "powershell -NoProfile -Command "[Console]::OutputEncoding=[Text.Encoding]::UTF8;" (dist\core-server\presets\common-preset.js)
1148
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\core-server\presets\common-preset.js)
1149
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\manager\globals-runtime.js)
1150
- [LOW] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (dist\manager\globals-runtime.js)
1151
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\manager\globals-runtime.js)
1152
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\manager\globals-runtime.js)
1153
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\manager\globals-runtime.js)
1154
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\manager\runtime.js)
1155
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\manager\runtime.js)
1156
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\manager-api\index.js)
1157
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\mocking-utils\mocker-runtime.js)
1158
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\preview\runtime.js)
1159
- [LOW] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (dist\preview\runtime.js)
1160
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\preview\runtime.js)
1161
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\preview\runtime.js)
1162
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\preview\runtime.js)
1163
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\_browser-chunks\chunk-2N4WE3KZ.js)
1164
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\_browser-chunks\chunk-JK6U3MQW.js)
1165
- [LOW] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (dist\_browser-chunks\chunk-JK6U3MQW.js)
1166
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\_node-chunks\chunk-3GE4RMQP.js)
1167
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\_node-chunks\chunk-3ZQKVR7U.js)
1168
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (dist\_node-chunks\chunk-3ZQKVR7U.js)
1169
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (dist\_node-chunks\chunk-3ZQKVR7U.js)
1170
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\_node-chunks\chunk-7ZPQ47DO.js)
1171
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\_node-chunks\chunk-MMBEKDML.js)
1172
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\_node-chunks\chunk-QJX5X3RR.js)
1173
- [LOW] vm_code_execution: new vm.Script() with dynamic code — vm module code compilation bypasses eval detection. (dist\_node-chunks\chunk-QQUKUQCR.js)
1174
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\_node-chunks\chunk-QQUKUQCR.js)
1175
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\_node-chunks\chunk-URMZXQZT.js)
1176
- [MEDIUM] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\_node-chunks\chunk-URMZXQZT.js)
1177
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\_node-chunks\chunk-URMZXQZT.js)
1178
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\_node-chunks\chunk-URMZXQZT.js)
1179
- [MEDIUM] env_harvesting_dynamic: Dynamic environment variable harvesting with sensitive pattern matching. Credential theft technique. (dist\_node-chunks\chunk-URMZXQZT.js)
1180
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\_node-chunks\chunk-URMZXQZT.js)
1181
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\_node-chunks\chunk-URMZXQZT.js)
1182
- [LOW] env_access: Access to sensitive variable process.env.DOTENV_KEY. (dist\_node-chunks\lib-HDCZQGYN.js)
1183
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\_node-chunks\lib-HDCZQGYN.js)
1184
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\_node-chunks\mdx-N42X6CFJ-5A4ZF6QJ.js)
1185
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (dist\core-server\presets\common-manager.js)
1186
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (dist\_browser-chunks\syntaxhighlighter-ED5Y7EFY.js)
1187
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: hex_escapes, unicode_escapes, string_array, base64_eval (dist\_node-chunks\chunk-3ZQKVR7U.js)
1188
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.release) + network send (get, get, get, get, get, get, get, get, get, fetch, get) (dist\core-server\presets\common-preset.js)
1189
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.type, process.env[dynamic]) + network send (get, get, get, get, get, get, get, get) (dist\_node-chunks\chunk-7ZPQ47DO.js)
1190
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (HOME, LOGNAME, USER, USERNAME, USERPROFILE, process.env[dynamic], npm_config_user_agent) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\_node-chunks\chunk-URMZXQZT.js)
1191
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.platform, os.cpus) + network send (get, get) (dist\_node-chunks\globby-YIGI4OG5.js)
1192
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (DOTENV_KEY, DOTENV_KEY, DOTENV_KEY, os.homedir, process.env[dynamic], process.env[dynamic]) + network send (get, get) (dist\_node-chunks\lib-HDCZQGYN.js)
1193
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\core-server\presets\common-preset.js)
1194
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\core-server\presets\common-preset.js → dist\_node-chunks\chunk-7ZPQ47DO.js) (dist\_node-chunks\chunk-7ZPQ47DO.js)
1195
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\manager\globals-runtime.js)
1196
- @storybook/react: score 88
1197
- [MEDIUM] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\preset.js)
1198
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\preset.js)
1199
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\preset.js)
1200
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], HOME, LOGNAME, USER, USERNAME, USERPROFILE) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\preset.js)
1201
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\preset.js)
1202
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\preset.js)
1203
- playwright: score 100
1204
- [CRITICAL] mcp_config_injection: MCP config injection: code contains MCP server configuration keywords (mcpServers/mcp.json/claude_desktop_config) with filesystem writes. AI toolchain poisoning. (lib\agents\generateAgents.js)
1205
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\common\expectBundleImpl.js)
1206
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "N" (plugin loader pattern). (lib\common\expectBundleImpl.js)
1207
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\common\process.js)
1208
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\common\process.js)
1209
- [HIGH] env_access: Access to sensitive variable process.env.PLAYWRIGHT_MCP_EXTENSION_TOKEN. (lib\mcp\extension\cdpRelay.js)
1210
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\plugins\gitCommitInfoPlugin.js)
1211
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\plugins\webServerPlugin.js)
1212
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\reporters\base.js)
1213
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\reporters\github.js)
1214
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\reporters\junit.js)
1215
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\runner\testRunner.js)
1216
- [HIGH] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (lib\transform\babelBundleImpl.js)
1217
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\transform\babelBundleImpl.js)
1218
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\transform\babelBundleImpl.js)
1219
- [HIGH] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (lib\transform\babelBundleImpl.js)
1220
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\transform\babelBundleImpl.js)
1221
- [CRITICAL] dynamic_require_exec: exec() called on dynamically-required module "s" — obfuscated command execution. (lib\transform\babelBundleImpl.js)
1222
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\transform\babelBundleImpl.js)
1223
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\transform\babelBundleImpl.js)
1224
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "i" (plugin loader pattern). (lib\transform\babelBundleImpl.js)
1225
- [HIGH] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (lib\transform\transform.js)
1226
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\transform\transform.js)
1227
- [HIGH] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (lib\transform\transform.js)
1228
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\util.js)
1229
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "t" (plugin loader pattern). (lib\utilsBundleImpl.js)
1230
- [LOW] obfuscation_detected: Code obfusque (score: 75). Signaux: hex_escapes, unicode_escapes, base64_eval (lib\transform\babelBundleImpl.js)
1231
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (lib\utilsBundleImpl.js)
1232
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.release, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (lib\common\expectBundleImpl.js)
1233
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get) (lib\common\process.js)
1234
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (PLAYWRIGHT_MCP_EXTENSION_TOKEN) + network send (get) (lib\mcp\extension\cdpRelay.js)
1235
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get) (lib\reporters\base.js)
1236
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, os.release, process.env[dynamic], fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, fs.hasOwnProperty, readFile, readFileSync, fs.readFileSync, readFileSync, fs.readFileSync, fs.toString, readFileSync, fs.readFileSync, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, readFile, fs.toString, fs.constructor) + network send (fs.toString, fs.toString, fs.toString, get, get, get, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.hasOwnProperty, get, get, get, get, fs.toString, 
get, get, get, get, get, get, fs.toString, fs.toString, fs.toString, fs.toString, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.toString, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fs.constructor, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (lib\transform\babelBundleImpl.js)
1237
- [CRITICAL] staged_payload: Network fetch + eval() in same file (staged payload execution). (lib\transform\transform.js)
1238
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.type) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (lib\utilsBundleImpl.js)
1239
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (lib\transform\babelBundleImpl.js)
1240
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (lib\utilsBundleImpl.js)
1241
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\common\process.js → lib\common\expectBundleImpl.js) (lib\common\expectBundleImpl.js)
1242
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\common\process.js)
1243
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (lib\transform\babelBundleImpl.js)
1244
- cypress: score 68
1245
- [MEDIUM] lifecycle_script: Script "postinstall" detected. Common attack vector. (package.json)
1246
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\util.js)
1247
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (vue\dist\cypress-vue.cjs.js)
1248
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (vue\dist\cypress-vue.cjs.js)
1249
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (vue\dist\cypress-vue.cjs.js)
1250
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (vue\dist\cypress-vue.esm-bundler.js)
1251
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (vue\dist\cypress-vue.esm-bundler.js)
1252
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (vue\dist\cypress-vue.esm-bundler.js)
1253
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (vue\vue\dist\cypress-vue.cjs.js)
1254
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (vue\vue\dist\cypress-vue.cjs.js)
1255
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (vue\vue\dist\cypress-vue.cjs.js)
1256
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (vue\vue\dist\cypress-vue.esm-bundler.js)
1257
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (vue\vue\dist\cypress-vue.esm-bundler.js)
1258
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (vue\vue\dist\cypress-vue.esm-bundler.js)
1259
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (vue\dist\cypress-vue.cjs.js)
1260
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (vue\dist\cypress-vue.esm-bundler.js)
1261
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (vue\vue\dist\cypress-vue.cjs.js)
1262
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (vue\vue\dist\cypress-vue.esm-bundler.js)
1263
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (vue\dist\cypress-vue.cjs.js)
1264
- pg: score 75
1265
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\connection-parameters.js)
1266
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (dns.lookup) (lib\connection-parameters.js)
1267
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\connection-parameters.js)
1268
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\connection-parameters.js → lib/stream.js) (lib/stream.js)
1269
- @prisma/client: score 100
1270
- [MEDIUM] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (generator-build\index.js)
1271
- [HIGH] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (generator-build\index.js)
1272
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (generator-build\index.js)
1273
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (generator-build\index.js)
1274
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (generator-build\index.js)
1275
- [CRITICAL] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (generator-build\index.js)
1276
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (runtime\client.js)
1277
- [HIGH] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (runtime\client.js)
1278
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (runtime\client.mjs)
1279
- [HIGH] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (runtime\client.mjs)
1280
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (runtime\wasm-compiler-edge.js)
1281
- [HIGH] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (runtime\wasm-compiler-edge.js)
1282
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (runtime\wasm-compiler-edge.mjs)
1283
- [HIGH] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (runtime\wasm-compiler-edge.mjs)
1284
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (fs.readdir, fs.readdirSync, fs.readdir, fs.readdirSync, fs.readFileSync, HOME, LOGNAME, USER, USERNAME, USERPROFILE, os.homedir, process.env[dynamic], os.release) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (generator-build\index.js)
1285
- [CRITICAL] credential_tampering: Cache poisoning: sensitive data access (fs.readdir, fs.readdirSync, fs.readdir, fs.readdirSync, fs.readFileSync, HOME, LOGNAME, USER, USERNAME, USERPROFILE, os.homedir, process.env[dynamic], os.release) + write to sensitive path (fs.writeFile, fs.writeFile, fs.writeFileSync, fs.writeFileSync, fs.writeFile, fs.writeFileSync) (generator-build\index.js)
1286
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (COMPUTERNAME) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, get, get, get, request, request, request) (runtime\client.js)
1287
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (COMPUTERNAME) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, get, get, get, request, request, request) (runtime\client.mjs)
1288
- [LOW] js_obfuscation_pattern: Long base64 payload detected (4958664 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.cockroachdb.wasm-base64.js)
1289
- [LOW] js_obfuscation_pattern: Long base64 payload detected (4958664 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.cockroachdb.wasm-base64.mjs)
1290
- [LOW] js_obfuscation_pattern: Long base64 payload detected (4821924 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.mysql.wasm-base64.js)
1291
- [LOW] js_obfuscation_pattern: Long base64 payload detected (4821924 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.mysql.wasm-base64.mjs)
1292
- [LOW] js_obfuscation_pattern: Long base64 payload detected (4888524 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.postgresql.wasm-base64.js)
1293
- [LOW] js_obfuscation_pattern: Long base64 payload detected (4888524 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.postgresql.wasm-base64.mjs)
1294
- [LOW] js_obfuscation_pattern: Long base64 payload detected (4708180 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.sqlite.wasm-base64.js)
1295
- [LOW] js_obfuscation_pattern: Long base64 payload detected (4708180 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.sqlite.wasm-base64.mjs)
1296
- [LOW] js_obfuscation_pattern: Long base64 payload detected (5019808 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.sqlserver.wasm-base64.js)
1297
- [LOW] js_obfuscation_pattern: Long base64 payload detected (5019808 chars) — possible encoded malicious code (runtime\query_compiler_fast_bg.sqlserver.wasm-base64.mjs)
1298
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2500260 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.cockroachdb.wasm-base64.js)
1299
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2500260 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.cockroachdb.wasm-base64.mjs)
1300
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2423724 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.mysql.wasm-base64.js)
1301
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2423724 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.mysql.wasm-base64.mjs)
1302
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2465056 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.postgresql.wasm-base64.js)
1303
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2465056 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.postgresql.wasm-base64.mjs)
1304
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2362084 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.sqlite.wasm-base64.js)
1305
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2362084 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.sqlite.wasm-base64.mjs)
1306
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2465532 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.sqlserver.wasm-base64.js)
1307
- [LOW] js_obfuscation_pattern: Long base64 payload detected (2465532 chars) — possible encoded malicious code (runtime\query_compiler_small_bg.sqlserver.wasm-base64.mjs)
1308
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (generator-build\index.js)
1309
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (generator-build\index.js)
1310
- [HIGH] intent_credential_exfil: Intent coherence: credential_read → file_tamper (generator-build\index.js)
1311
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: generator-build\index.js → runtime\client.js) (runtime\client.js)
1312
- knex: score 21
1313
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\migrations\util\import-file.js)
1314
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\migrations\util\import-file.js)
1315
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (lib\util\nanoid.js)
1316
- typeorm: score 76
1317
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
1318
- [LOW] env_access: Dynamic access to process.env (variable key). (browser\cli-ts-node-esm.js)
1319
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (browser\connection\ConnectionOptionsReader.js)
1320
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (browser\platform\PlatformTools.js)
1321
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (browser\platform\PlatformTools.js)
1322
- [LOW] env_access: Dynamic access to process.env (variable key). (browser\platform\PlatformTools.js)
1323
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (browser\util\DirectoryExportedClassesLoader.js)
1324
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (browser\util\ImportUtils.js)
1325
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (cli-ts-node-esm.js)
1326
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (connection\ConnectionOptionsReader.js)
1327
- [HIGH] dynamic_require: Dynamic require() with template literal (module name obfuscation). (platform\PlatformTools.js)
1328
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (platform\PlatformTools.js)
1329
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (platform\PlatformTools.js)
1330
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (util\DirectoryExportedClassesLoader.js)
1331
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (util\ImportUtils.js)
1332
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (cli-ts-node-esm.js)
1333
- bookshelf: score 46
1334
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\base\model.js)
1335
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\bookshelf.js)
1336
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\base\model.js → lib/base/model.js) (lib/base/model.js)
1337
- mongodb: score 100
1338
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
1339
- [HIGH] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (lib\client-side-encryption\mongocryptd_manager.js)
1340
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\client-side-encryption\providers\aws.js)
1341
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\cmap\auth\mongodb_oidc\automated_callback_workflow.js)
1342
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\cmap\auth\mongodb_oidc\k8s_machine_workflow.js)
1343
- [HIGH] env_access: Access to sensitive variable process.env.OIDC_TOKEN_FILE. (lib\cmap\auth\mongodb_oidc\token_machine_workflow.js)
1344
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.platform) + network send (child_process.spawn) (etc\prepare.js)
1345
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (fs/promises.readFile, fs/promises.readFile) + network send (get, tls.connect, socket.connect) (lib\client-side-encryption\state_machine.js)
1346
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\client-side-encryption\providers\aws.js → etc\prepare.js) (etc\prepare.js)
1347
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (etc\prepare.js)
1348
- cassandra-driver: score 62
1349
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\control-connection.js)
1350
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\datastax\cloud\index.js)
1351
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\encoder.js)
1352
- [LOW] vm_code_execution: new vm.Script() with dynamic code — vm module code compilation bypasses eval detection. (lib\mapping\query-generator.js)
1353
- [LOW] vm_code_execution: vm.runInThisContext() — dynamic code execution via Node.js vm module bypasses eval detection. (lib\mapping\query-generator.js)
1354
- [LOW] vm_code_execution: new vm.Script() with dynamic code — vm module code compilation bypasses eval detection. (lib\mapping\result-mapper.js)
1355
- [LOW] vm_code_execution: vm.runInThisContext() — dynamic code execution via Node.js vm module bypasses eval detection. (lib\mapping\result-mapper.js)
1356
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\control-connection.js → lib/client.js) (lib/client.js)
1357
- couchbase: score 24
1358
- [MEDIUM] lifecycle_script: Script "install" detected. Common attack vector. (package.json)
1359
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
1360
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\binding.js)
1361
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\collection.js)
1362
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\eventingfunctionmanager.js)
1363
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\usermanager.js)
1364
- arangojs: score 56
1365
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (cjs\connection.js)
1366
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\connection.js)
1367
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (cjs\databases.js)
1368
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (esm\connection.js)
1369
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (esm\connection.js)
1370
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (esm\databases.js)
1371
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: cjs\connection.js → cjs/connection.js) (cjs/connection.js)
1372
- lmdb: score 65
1373
- [MEDIUM] lifecycle_script: Script "install" detected. Common attack vector. (package.json)
1374
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
1375
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (dist\index.cjs)
1376
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (os.platform) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\index.cjs)
1377
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\index.cjs)
1378
- eslint: score 76
1379
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\config\config-loader.js)
1380
- [HIGH] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (lib\config\config-loader.js)
1381
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\eslint\eslint-helpers.js)
1382
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\eslint\eslint.js)
1383
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.platform, os.release) + network send (get) (lib\shared\runtime-info.js)
1384
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\shared\runtime-info.js)
1385
- prettier: score 100
1386
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (index.mjs)
1387
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (internal\experimental-cli-worker.mjs)
1388
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (internal\experimental-cli-worker.mjs)
1389
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (internal\experimental-cli.mjs)
1390
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (internal\experimental-cli.mjs)
1391
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (internal\experimental-cli.mjs)
1392
- [MEDIUM] possible_obfuscation: File difficult to parse, possibly obfuscated. (plugins\babel.js)
1393
- [MEDIUM] possible_obfuscation: File difficult to parse, possibly obfuscated. (plugins\babel.mjs)
1394
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (index.mjs)
1395
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (plugins\acorn.js)
1396
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (plugins\acorn.mjs)
1397
- [HIGH] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (plugins\angular.js)
1398
- [HIGH] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (plugins\angular.mjs)
1399
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (plugins\babel.js)
1400
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (plugins\babel.mjs)
1401
- [LOW] obfuscation_detected: Code obfusque (score: 95). Signaux: long_single_lines, hex_escapes, unicode_escapes, string_array (plugins\estree.js)
1402
- [LOW] obfuscation_detected: Code obfusque (score: 95). Signaux: long_single_lines, hex_escapes, unicode_escapes, string_array (plugins\estree.mjs)
1403
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (plugins\flow.js)
1404
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, hex_escapes (plugins\flow.mjs)
1405
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (plugins\glimmer.js)
1406
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (plugins\glimmer.mjs)
1407
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (plugins\html.js)
1408
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, hex_escapes, unicode_escapes (plugins\html.mjs)
1409
- [LOW] obfuscation_detected: Code obfusque (score: 95). Signaux: long_single_lines, hex_escapes, unicode_escapes, string_array (plugins\markdown.js)
1410
- [LOW] obfuscation_detected: Code obfusque (score: 95). Signaux: long_single_lines, hex_escapes, unicode_escapes, string_array (plugins\markdown.mjs)
1411
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, string_array (plugins\postcss.js)
1412
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: long_single_lines, string_array (plugins\postcss.mjs)
1413
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, unicode_escapes, string_array (plugins\typescript.js)
1414
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: long_single_lines, unicode_escapes, string_array (plugins\typescript.mjs)
1415
- [HIGH] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (standalone.js)
1416
- [HIGH] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (standalone.mjs)
1417
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.platform, os.cpus, npm_package_name, npm_lifecycle_script) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (index.mjs)
1418
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (internal\legacy-cli.mjs)
1419
- [MEDIUM] high_entropy_string: High entropy string (5.50 bits, 204 chars) — possible base64/hex/encrypted payload (plugins\estree.js)
1420
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (plugins\postcss.js)
1421
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (plugins\postcss.mjs)
1422
- [MEDIUM] high_entropy_string: High entropy string (5.55 bits, 624 chars) — possible base64/hex/encrypted payload (plugins\yaml.js)
1423
- [MEDIUM] high_entropy_string: High entropy string (5.55 bits, 624 chars) — possible base64/hex/encrypted payload (plugins\yaml.mjs)
1424
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: internal\experimental-cli.mjs → index.mjs) (index.mjs)
1425
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (index.mjs)
1426
- oxlint: score 95
1427
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (dist\bindings.js)
1428
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\js_config.js)
1429
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\lint.js)
1430
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\lint.js)
1431
- [MEDIUM] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\lint.js)
1432
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\lint.js)
1433
- [MEDIUM] env_harvesting_dynamic: Dynamic environment variable harvesting with sensitive pattern matching. Credential theft technique. (dist\lint.js)
1434
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\lint.js)
1435
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\typescript.cjs)
1436
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\typescript.cjs)
1437
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\typescript.cjs)
1438
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "n" (plugin loader pattern). (dist\typescript.cjs)
1439
- [LOW] dynamic_require_exec: exec() called on dynamically-required module "t" — obfuscated command execution. (dist\typescript.cjs)
1440
- [LOW] dynamic_require_exec: exec() called on dynamically-required module "r" — obfuscated command execution. (dist\typescript.cjs)
1441
- [LOW] dynamic_require: Dynamic require() with statically-assigned variable "t" (plugin loader pattern). (dist\typescript.cjs)
1442
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (os.release, process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, get, get, get, get, get, get, get, get, get) (dist\lint.js)
1443
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, post, get, post, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, 
get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, get, get) (dist\typescript.cjs)
1444
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\lint.js)
1445
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\lint.js)
1446
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\lint.js → dist\typescript.cjs) (dist\typescript.cjs)
1447
- eslint-plugin-import: score 86
1448
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\exportMap\typescript.js)
1449
- [HIGH] vm_code_execution: vm.runInNewContext() — dynamic code execution via Node.js vm module bypasses eval detection. (lib\rules\dynamic-import-chunkname.js)
1450
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get) (lib\exportMap\typescript.js)
1451
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\exportMap\typescript.js)
1452
- eslint-plugin-node: score 59
1453
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\rules\no-deprecated-api.js)
1454
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\rules\process-exit-as-throw.js)
1455
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\rules\no-deprecated-api.js → lib/rules/no-deprecated-api.js) (lib/rules/no-deprecated-api.js)
1456
- @typescript-eslint/eslint-plugin: score 65
1457
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (privateKey) + network send (get, get, get, get, get) (dist\util\class-scope-analyzer\classScopeAnalyzer.js)
1458
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\util\class-scope-analyzer\classScopeAnalyzer.js)
1459
- markdownlint-cli: score 78
1460
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (markdownlint.js)
1461
- [MEDIUM] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (markdownlint.js)
1462
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.platform, os.platform) + network send (get) (markdownlint.js)
1463
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (markdownlint.js)
1464
- nx: score 100
1465
- [MEDIUM] lifecycle_script: Script "postinstall" detected. Common attack vector. (package.json)
1466
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\ai\set-up-ai-agents\set-up-ai-agents.js)
1467
- [CRITICAL] mcp_config_injection: MCP config injection: code contains MCP server configuration keywords (mcpServers/mcp.json/claude_desktop_config) with filesystem writes. AI toolchain poisoning. (src\ai\set-up-ai-agents\set-up-ai-agents.js)
1468
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\command-line\configure-ai-agents\configure-ai-agents.js)
1469
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\command-line\init\command-object.js)
1470
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (src\command-line\init\implementation\dot-nx\nxw.js)
1471
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\command-line\init\implementation\dot-nx\nxw.js)
1472
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\command-line\init\init-v2.js)
1473
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\command-line\migrate\migrate.js)
1474
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\command-line\migrate\migrate.js)
1475
- [HIGH] env_access: Access to sensitive variable process.env.NX_CLOUD_AUTH_TOKEN. (src\command-line\nx-cloud\connect\connect-to-nx-cloud.js)
1476
- [HIGH] env_access: Access to sensitive variable process.env.NX_CLOUD_ACCESS_TOKEN. (src\command-line\nx-cloud\connect\connect-to-nx-cloud.js)
1477
- [HIGH] env_access: Access to sensitive variable process.env.GITHUB_TOKEN. (src\command-line\release\utils\remote-release-clients\github.js)
1478
- [HIGH] env_access: Access to sensitive variable process.env.GH_TOKEN. (src\command-line\release\utils\remote-release-clients\github.js)
1479
- [HIGH] env_access: Access to sensitive variable process.env.GITLAB_TOKEN. (src\command-line\release\utils\remote-release-clients\gitlab.js)
1480
- [HIGH] env_access: Access to sensitive variable process.env.GL_TOKEN. (src\command-line\release\utils\remote-release-clients\gitlab.js)
1481
- [HIGH] env_access: Access to sensitive variable process.env.CI_JOB_TOKEN. (src\command-line\release\utils\remote-release-clients\gitlab.js)
1482
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\command-line\release\utils\resolve-changelog-renderer.js)
1483
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\command-line\release\version\version-actions.js)
1484
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\config\schema-utils.js)
1485
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (src\core\graph\main.js)
1486
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\core\graph\main.js)
1487
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (src\core\graph\main.js)
1488
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (src\daemon\server\handle-process-in-background.js)
1489
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\daemon\server\nx-console-operations.js)
1490
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\generators\internal-utils\format-changed-files-with-prettier-if-available.js)
1491
- [HIGH] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (src\native\index.js)
1492
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (src\native\wasi-worker.mjs)
1493
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\nx-cloud\debug-logger.js)
1494
- [MEDIUM] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (src\nx-cloud\update-manager.js)
1495
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\nx-cloud\update-manager.js)
1496
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (src\nx-cloud\utilities\axios.js)
1497
- [HIGH] env_access: Access to sensitive variable process.env.NX_CLOUD_AUTH_TOKEN. (src\nx-cloud\utilities\environment.js)
1498
- [HIGH] env_access: Access to sensitive variable process.env.NX_CLOUD_ACCESS_TOKEN. (src\nx-cloud\utilities\environment.js)
1499
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (src\plugins\js\package-json\create-package-json.js)
1500
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\project-graph\plugins\load-resolved-plugin.js)
1501
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\project-graph\plugins\tasks-execution-hooks.js)
1502
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\tasks-runner\cache.js)
1503
- [LOW] env_access: Dynamic access to process.env (variable key). (src\tasks-runner\fork.js)
1504
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\tasks-runner\run-command.js)
1505
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\tasks-runner\run-command.js)
1506
- [HIGH] env_access: Access to sensitive variable process.env.NX_CLOUD_AUTH_TOKEN. (src\tasks-runner\run-command.js)
1507
- [HIGH] env_access: Access to sensitive variable process.env.NX_CLOUD_ACCESS_TOKEN. (src\tasks-runner\run-command.js)
1508
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\tasks-runner\run-command.js)
1509
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\utils\command-line-utils.js)
1510
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\utils\is-ci.js)
1511
- [HIGH] env_access: Access to sensitive variable process.env.NX_CLOUD_AUTH_TOKEN. (src\utils\nx-cloud-utils.js)
1512
- [HIGH] env_access: Access to sensitive variable process.env.NX_CLOUD_ACCESS_TOKEN. (src\utils\nx-cloud-utils.js)
1513
- [HIGH] sensitive_string: Reference to ".npmrc" detected. (src\utils\package-manager.js)
1514
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (src\utils\params.js)
1515
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: long_single_lines, hex_escapes, unicode_escapes, base64_eval (src\core\graph\main.js)
1516
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], npm_config_registry, npm_config_registry, npm_config_registry) + network send (fetch, fetch, get, get) (src\command-line\migrate\migrate.js)
1517
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (GITHUB_TOKEN, GH_TOKEN) + network send (get, get) (src\command-line\release\utils\remote-release-clients\github.js)
1518
- [LOW] high_entropy_string: High entropy string (5.53 bits, 588 chars) — possible base64/hex/encrypted payload (src\core\graph\main.js)
1519
- [LOW] high_entropy_string: High entropy string (5.56 bits, 951 chars) — possible base64/hex/encrypted payload (src\core\graph\main.js)
1520
- [LOW] high_entropy_string: High entropy string (5.60 bits, 567 chars) — possible base64/hex/encrypted payload (src\core\graph\main.js)
1521
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: src\command-line\init\command-object.js → src\command-line\migrate\migrate.js) (src\command-line\migrate\migrate.js)
1522
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (src\command-line\migrate\migrate.js)
1523
- lerna: score 47
1524
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\changed\command.js)
1525
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\changed\command.js)
1526
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\changed\command.js)
1527
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\changed\command.js)
1528
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\changed\index.js)
1529
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\changed\index.js)
1530
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\changed\index.js)
1531
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\changed\index.js)
1532
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\clean\command.js)
1533
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\clean\command.js)
1534
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\clean\command.js)
1535
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\clean\command.js)
1536
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\clean\index.js)
1537
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\clean\index.js)
1538
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\clean\index.js)
1539
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\clean\index.js)
1540
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\diff\command.js)
1541
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\diff\command.js)
1542
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\diff\command.js)
1543
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\diff\command.js)
1544
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\diff\index.js)
1545
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\diff\index.js)
1546
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\diff\index.js)
1547
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\diff\index.js)
1548
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\diff\lib\get-last-commit.js)
1549
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\diff\lib\get-last-commit.js)
1550
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\diff\lib\get-last-commit.js)
1551
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\diff\lib\get-last-commit.js)
1552
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\diff\lib\has-commit.js)
1553
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\diff\lib\has-commit.js)
1554
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\diff\lib\has-commit.js)
1555
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\diff\lib\has-commit.js)
1556
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\exec\command.js)
1557
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\exec\command.js)
1558
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\exec\command.js)
1559
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\exec\command.js)
1560
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\exec\index.js)
1561
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\exec\index.js)
1562
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\exec\index.js)
1563
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\exec\index.js)
1564
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\import\command.js)
1565
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\import\command.js)
1566
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\import\command.js)
1567
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\import\command.js)
1568
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\import\index.js)
1569
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\import\index.js)
1570
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\import\index.js)
1571
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\import\index.js)
1572
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\info\command.js)
1573
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\info\command.js)
1574
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\info\command.js)
1575
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\info\command.js)
1576
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\info\index.js)
1577
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\info\index.js)
1578
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\info\index.js)
1579
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\info\index.js)
1580
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\init\command.js)
1581
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\init\command.js)
1582
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\init\command.js)
1583
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\init\command.js)
1584
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\init\index.js)
1585
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\init\index.js)
1586
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\init\index.js)
1587
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\init\index.js)
1588
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\list\command.js)
1589
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\list\command.js)
1590
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\list\command.js)
1591
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\list\command.js)
1592
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\list\index.js)
1593
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\list\index.js)
1594
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\list\index.js)
1595
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\list\index.js)
1596
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\command.js)
1597
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\command.js)
1598
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\command.js)
1599
- [LOW] env_access: Destructured access to sensitive env var: const { GH_TOKEN } = process.env. (dist\commands\publish\command.js)
1600
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\commands\publish\command.js)
1601
- [LOW] env_access: Destructured access to sensitive env var: const { GL_TOKEN } = process.env. (dist\commands\publish\command.js)
1602
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\command.js)
1603
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\index.js)
1604
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\index.js)
1605
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\index.js)
1606
- [LOW] env_access: Destructured access to sensitive env var: const { GH_TOKEN } = process.env. (dist\commands\publish\index.js)
1607
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\commands\publish\index.js)
1608
- [LOW] env_access: Destructured access to sensitive env var: const { GL_TOKEN } = process.env. (dist\commands\publish\index.js)
1609
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\index.js)
1610
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\fetch-config.js)
1611
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\fetch-config.js)
1612
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\fetch-config.js)
1613
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\fetch-config.js)
1614
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\get-current-sha.js)
1615
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\get-current-sha.js)
1616
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\get-current-sha.js)
1617
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\get-current-sha.js)
1618
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\get-current-tags.js)
1619
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\get-current-tags.js)
1620
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\get-current-tags.js)
1621
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\get-current-tags.js)
1622
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\get-npm-username.js)
1623
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\get-npm-username.js)
1624
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\get-npm-username.js)
1625
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\get-npm-username.js)
1626
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\get-profile-data.js)
1627
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\get-profile-data.js)
1628
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\get-profile-data.js)
1629
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\get-profile-data.js)
1630
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\get-two-factor-auth-required.js)
1631
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\get-two-factor-auth-required.js)
1632
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\get-two-factor-auth-required.js)
1633
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\get-two-factor-auth-required.js)
1634
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\get-whoami.js)
1635
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\get-whoami.js)
1636
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\get-whoami.js)
1637
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\get-whoami.js)
1638
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\git-checkout.js)
1639
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\git-checkout.js)
1640
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\git-checkout.js)
1641
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\git-checkout.js)
1642
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\publish\lib\verify-npm-package-access.js)
1643
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\publish\lib\verify-npm-package-access.js)
1644
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\publish\lib\verify-npm-package-access.js)
1645
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\publish\lib\verify-npm-package-access.js)
1646
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\run\command.js)
1647
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\run\command.js)
1648
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\run\command.js)
1649
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\run\command.js)
1650
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\run\index.js)
1651
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\run\index.js)
1652
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\run\index.js)
1653
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\run\index.js)
1654
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\command.js)
1655
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\command.js)
1656
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\command.js)
1657
- [LOW] env_access: Destructured access to sensitive env var: const { GH_TOKEN } = process.env. (dist\commands\version\command.js)
1658
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\commands\version\command.js)
1659
- [LOW] env_access: Destructured access to sensitive env var: const { GL_TOKEN } = process.env. (dist\commands\version\command.js)
1660
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\command.js)
1661
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\index.js)
1662
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\index.js)
1663
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\index.js)
1664
- [LOW] env_access: Destructured access to sensitive env var: const { GH_TOKEN } = process.env. (dist\commands\version\index.js)
1665
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\commands\version\index.js)
1666
- [LOW] env_access: Destructured access to sensitive env var: const { GL_TOKEN } = process.env. (dist\commands\version\index.js)
1667
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\index.js)
1668
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\create-release.js)
1669
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\create-release.js)
1670
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\create-release.js)
1671
- [LOW] env_access: Destructured access to sensitive env var: const { GH_TOKEN } = process.env. (dist\commands\version\lib\create-release.js)
1672
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\commands\version\lib\create-release.js)
1673
- [LOW] env_access: Destructured access to sensitive env var: const { GL_TOKEN } = process.env. (dist\commands\version\lib\create-release.js)
1674
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\create-release.js)
1675
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\get-current-branch.js)
1676
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\get-current-branch.js)
1677
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\get-current-branch.js)
1678
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\get-current-branch.js)
1679
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\git-add.js)
1680
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\git-add.js)
1681
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\git-add.js)
1682
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\git-add.js)
1683
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\git-commit.js)
1684
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\git-commit.js)
1685
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\git-commit.js)
1686
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\git-commit.js)
1687
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\git-push.js)
1688
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\git-push.js)
1689
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\git-push.js)
1690
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\git-push.js)
1691
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\git-tag.js)
1692
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\git-tag.js)
1693
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\git-tag.js)
1694
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\git-tag.js)
1695
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\is-anything-committed.js)
1696
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\is-anything-committed.js)
1697
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\is-anything-committed.js)
1698
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\is-anything-committed.js)
1699
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\is-behind-upstream.js)
1700
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\is-behind-upstream.js)
1701
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\is-behind-upstream.js)
1702
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\is-behind-upstream.js)
1703
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\prompt-version.js)
1704
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\prompt-version.js)
1705
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\prompt-version.js)
1706
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\prompt-version.js)
1707
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\remote-branch-exists.js)
1708
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\remote-branch-exists.js)
1709
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\remote-branch-exists.js)
1710
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\remote-branch-exists.js)
1711
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\version\lib\update-lockfile-version.js)
1712
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\version\lib\update-lockfile-version.js)
1713
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\commands\version\lib\update-lockfile-version.js)
1714
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\version\lib\update-lockfile-version.js)
1715
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\index.js)
1716
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\index.js)
1717
- [MEDIUM] sensitive_string: Reference to ".npmrc" detected. (dist\index.js)
1718
- [MEDIUM] env_access: Destructured access to sensitive env var: const { GH_TOKEN } = process.env. (dist\index.js)
1719
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (dist\index.js)
1720
- [MEDIUM] env_access: Destructured access to sensitive env var: const { GL_TOKEN } = process.env. (dist\index.js)
1721
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\index.js)
1722
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\utils\index.js)
1723
- [MEDIUM] sensitive_string: Reference to ".npmrc" detected. (dist\utils\index.js)
1724
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\utils\index.js)
1725
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\utils\index.js)
1726
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\changed\command.js)
1727
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\changed\command.js)
1728
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\changed\index.js)
1729
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\changed\index.js)
1730
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\clean\command.js)
1731
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\clean\command.js)
1732
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\clean\index.js)
1733
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\clean\index.js)
1734
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\diff\command.js)
1735
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\diff\command.js)
1736
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\diff\index.js)
1737
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\diff\index.js)
1738
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\diff\lib\get-last-commit.js)
1739
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\diff\lib\get-last-commit.js)
1740
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\diff\lib\has-commit.js)
1741
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\diff\lib\has-commit.js)
1742
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\exec\command.js)
1743
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\exec\command.js)
1744
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\exec\index.js)
1745
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\exec\index.js)
1746
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\import\command.js)
1747
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\import\command.js)
1748
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\import\index.js)
1749
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\import\index.js)
1750
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\info\command.js)
1751
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\info\command.js)
1752
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\info\index.js)
1753
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\info\index.js)
1754
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\init\command.js)
1755
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\init\command.js)
1756
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\init\index.js)
1757
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\init\index.js)
1758
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\list\command.js)
1759
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\list\command.js)
1760
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\list\index.js)
1761
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\list\index.js)
1762
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event, process.env[dynamic], npm_lifecycle_event, process.env[dynamic], process.env[dynamic]) + network send (get, get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\command.js)
1763
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event, process.env[dynamic], npm_lifecycle_event, process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\command.js)
1764
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event, npm_lifecycle_event, process.env[dynamic], process.env[dynamic]) + network send (get, get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\index.js)
1765
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event, npm_lifecycle_event, process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\index.js)
1766
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\fetch-config.js)
1767
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\fetch-config.js)
1768
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\get-current-sha.js)
1769
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\get-current-sha.js)
1770
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\get-current-tags.js)
1771
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\get-current-tags.js)
1772
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\get-npm-username.js)
1773
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\get-npm-username.js)
1774
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\get-profile-data.js)
1775
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\get-profile-data.js)
1776
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\get-two-factor-auth-required.js)
1777
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\get-two-factor-auth-required.js)
1778
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\get-whoami.js)
1779
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\get-whoami.js)
1780
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\git-checkout.js)
1781
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\git-checkout.js)
1782
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\publish\lib\verify-npm-package-access.js)
1783
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\publish\lib\verify-npm-package-access.js)
1784
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\run\command.js)
1785
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\run\command.js)
1786
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\run\index.js)
1787
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\run\index.js)
1788
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event) + network send (get, get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\command.js)
1789
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event) + write to sensitive path (fs.writeFile) (dist\commands\version\command.js)
1790
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event) + network send (get, get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\index.js)
1791
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event) + write to sensitive path (fs.writeFile) (dist\commands\version\index.js)
1792
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\create-release.js)
1793
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\create-release.js)
1794
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\get-current-branch.js)
1795
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\get-current-branch.js)
1796
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\git-add.js)
1797
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\git-add.js)
1798
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\git-commit.js)
1799
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\git-commit.js)
1800
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\git-push.js)
1801
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\git-push.js)
1802
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\git-tag.js)
1803
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\git-tag.js)
1804
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\is-anything-committed.js)
1805
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\is-anything-committed.js)
1806
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\is-behind-upstream.js)
1807
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\is-behind-upstream.js)
1808
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\prompt-version.js)
1809
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\prompt-version.js)
1810
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\remote-branch-exists.js)
1811
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\remote-branch-exists.js)
1812
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\version\lib\update-lockfile-version.js)
1813
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\commands\version\lib\update-lockfile-version.js)
1814
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event, process.env[dynamic], npm_lifecycle_event, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\index.js)
1815
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_event, process.env[dynamic], npm_lifecycle_event, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\index.js)
1816
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\utils\index.js)
1817
- [LOW] credential_tampering: Cache poisoning: sensitive data access (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], fs.readFileSync, fs.readFile, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + write to sensitive path (fs.writeFile) (dist\utils\index.js)
1818
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\commands\changed\command.js)
1819
- [LOW] intent_credential_exfil: Intent coherence: credential_read → file_tamper (dist\commands\changed\command.js)
1820
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\commands\changed\command.js → dist\commands\changed\index.js) (dist\commands\changed\index.js)
1821
- @changesets/cli: score 80
1822
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\changesets-cli.cjs.js)
1823
- [MEDIUM] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (dist\changesets-cli.cjs.js)
1824
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\changesets-cli.cjs.js)
1825
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\changesets-cli.esm.js)
1826
- [MEDIUM] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (dist\changesets-cli.esm.js)
1827
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\changesets-cli.esm.js)
1828
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], npm_config_registry, npm_config_registry) + network send (get, get, get, get, get, get, get) (dist\changesets-cli.cjs.js)
1829
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], npm_config_registry, npm_config_registry) + network send (get, get, get, get, get, get, get) (dist\changesets-cli.esm.js)
1830
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\changesets-cli.cjs.js)
1831
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\changesets-cli.cjs.js → dist\changesets-cli.esm.js) (dist\changesets-cli.esm.js)
1832
- pnpm: score 100
1833
- [MEDIUM] sensitive_string: Reference to ".npmrc" detected. (dist\pnpm.cjs)
1834
- [MEDIUM] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\pnpm.cjs)
1835
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\pnpm.cjs)
1836
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\pnpm.cjs)
1837
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\pnpm.cjs)
1838
- [LOW] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (dist\pnpm.cjs)
1839
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (dist\pnpm.cjs)
1840
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\pnpm.cjs)
1841
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\pnpm.cjs)
1842
- [LOW] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (dist\pnpm.cjs)
1843
- [LOW] zlib_inflate_eval: Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern. (dist\pnpm.cjs)
1844
- [MEDIUM] env_harvesting_dynamic: Dynamic environment variable harvesting with sensitive pattern matching. Credential theft technique. (dist\pnpm.cjs)
1845
- [MEDIUM] dns_chunk_exfiltration: DNS exfiltration: data encoded in DNS queries. Covert channel for firewall bypass. (dist\pnpm.cjs)
1846
- [CRITICAL] reverse_shell: JavaScript reverse shell: net.Socket + connect() + pipe to shell process stdin/stdout. (dist\pnpm.cjs)
1847
- [MEDIUM] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\pnpm.cjs)
1848
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\pnpm.cjs)
1849
- [CRITICAL] download_exec_binary: Download-execute pattern: remote fetch + chmod executable + execSync in same file. Binary dropper camouflaged as native addon build. (dist\pnpm.cjs)
1850
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\pnpm.cjs)
1851
- [MEDIUM] stream_credential_intercept: Stream class (Transform/Duplex/Writable) with credential regex scanning + network call — data-in-transit credential wiretap. (dist\pnpm.cjs)
1852
- [HIGH] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\pnpm.cjs)
1853
- [HIGH] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\pnpm.cjs)
1854
- [HIGH] suspicious_dataflow: Suspicious flow: command output (os.hostname, child_process.spawn, os.platform, os.platform, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], HOME, HOME, process.env[dynamic], process.env[dynamic], os.homedir, HOME, process.env[dynamic], child_process.spawn, child_process.spawnSync, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], os.homedir, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], PNPM_HOME, pnpm_config_verify_deps_before_run, pnpm_config_verify_deps_before_run, process.env[dynamic], process.env[dynamic], process.env[dynamic], os.release, process.env[dynamic], process.env[dynamic], process.env[dynamic], os.platform, os.cpus, npm_lifecycle_event, npm_node_execpath, npm_package_json, npm_execpath, npm_execpath, npm_config_node_gyp, npm_config_node_gyp, process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_script, npm_lifecycle_script, process.env[dynamic], child_process.spawn, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], readFile, fs/promises.readFile, fs.readFileSync, PNPM_MAX_WORKERS, PNPM_MAX_WORKERS, PNPM_WORKERS, PNPM_WORKERS, os.homedir, readFileSync, readFileSync, fs.readFileSync, child_process.exec, fs/promises.readFile, fs.readFileSync, fs/promises.readFile, fs.readFileSync, child_process.spawn, child_process.spawn, os.homedir, fs/promises.readFile, os.homedir, fs/promises.readFile, fs/promises.readFile, fs/promises.readFile, readFile, fs/promises.readFile, fs/promises.readFile, os.homedir, process.env[dynamic], process.env[dynamic], process.env[dynamic], 
process.env[dynamic], npm_config_user_agent, readdirSync, readFileSync, fs/promises.readFile, fs/promises.readFile, FAKEROOTKEY, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], readFileSync, readdirSync, readdir, process.env[dynamic], npm_lifecycle_event, PNPM_SCRIPT_SRC_DIR, readFile, fs.promises.readFile, process.env[dynamic], process.env[dynamic]) + network send (get, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, get, socket.connect, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, request, tls.connect, net.connect, tls.connect, tls.connect, net.connect, get, get, get, get, get, get, get, get, get, get, get, get, get, tls.connect, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, fetch, fetch, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, fetch, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, fetch, get, fetch, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, 
get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, eval, eval, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\pnpm.cjs)
1855
- [HIGH] credential_tampering: Cache poisoning: sensitive data access (os.hostname, child_process.spawn, os.platform, os.platform, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], HOME, HOME, process.env[dynamic], process.env[dynamic], os.homedir, HOME, process.env[dynamic], child_process.spawn, child_process.spawnSync, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], os.homedir, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], PNPM_HOME, pnpm_config_verify_deps_before_run, pnpm_config_verify_deps_before_run, process.env[dynamic], process.env[dynamic], process.env[dynamic], os.release, process.env[dynamic], process.env[dynamic], process.env[dynamic], os.platform, os.cpus, npm_lifecycle_event, npm_node_execpath, npm_package_json, npm_execpath, npm_execpath, npm_config_node_gyp, npm_config_node_gyp, process.env[dynamic], process.env[dynamic], process.env[dynamic], npm_lifecycle_script, npm_lifecycle_script, process.env[dynamic], child_process.spawn, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], readFile, fs/promises.readFile, fs.readFileSync, PNPM_MAX_WORKERS, PNPM_MAX_WORKERS, PNPM_WORKERS, PNPM_WORKERS, os.homedir, readFileSync, readFileSync, fs.readFileSync, child_process.exec, fs/promises.readFile, fs.readFileSync, fs/promises.readFile, fs.readFileSync, child_process.spawn, child_process.spawn, os.homedir, fs/promises.readFile, os.homedir, fs/promises.readFile, fs/promises.readFile, fs/promises.readFile, readFile, fs/promises.readFile, fs/promises.readFile, os.homedir, process.env[dynamic], process.env[dynamic], 
process.env[dynamic], process.env[dynamic], npm_config_user_agent, readdirSync, readFileSync, fs/promises.readFile, fs/promises.readFile, FAKEROOTKEY, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], readFileSync, readdirSync, readdir, process.env[dynamic], npm_lifecycle_event, PNPM_SCRIPT_SRC_DIR, readFile, fs.promises.readFile, process.env[dynamic], process.env[dynamic]) + write to sensitive path (writeFileSync, writeFileSync) (dist\pnpm.cjs)
1856
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.hostname, fs.readFileSync) + network send (get, get, get, get, get, get, get, get) (dist\worker.js)
1857
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\pnpm.cjs)
1858
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\pnpm.cjs)
1859
- [HIGH] intent_credential_exfil: Intent coherence: credential_read → file_tamper (dist\pnpm.cjs)
1860
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\pnpm.cjs → dist\worker.js) (dist\worker.js)
1861
- yarn: score 87
1862
- [MEDIUM] lifecycle_script: Script "preinstall" detected. Common attack vector. (package.json)
1863
- [LOW] dynamic_require: Object property indirection: exports = require('fs') — hiding dangerous module in object property. (lib\cli.js)
1864
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (lib\cli.js)
1865
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (lib\cli.js)
1866
- [LOW] env_access: Access to sensitive variable process.env.YARN_AUTH_TOKEN. (lib\cli.js)
1867
- [LOW] env_access: Access to sensitive variable process.env.NPM_AUTH_TOKEN. (lib\cli.js)
1868
- [LOW] dynamic_require: Object property indirection: exports = require('net') — hiding dangerous module in object property. (lib\cli.js)
1869
- [LOW] sensitive_string: Reference to ".npmrc" detected. (lib\cli.js)
1870
- [LOW] dynamic_require: Object property indirection: exports = require('child_process') — hiding dangerous module in object property. (lib\cli.js)
1871
- [LOW] env_access: Access to sensitive variable process.env.GITHUB_TOKEN. (lib\cli.js)
1872
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (lib\cli.js)
1873
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\cli.js)
1874
- [LOW] vm_code_execution: new vm.Script() with dynamic code — vm module code compilation bypasses eval detection. (lib\cli.js)
1875
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (lib\cli.js)
1876
- [LOW] prototype_hook: Request.prototype.debug overridden — native API hooking for traffic interception. (lib\cli.js)
1877
- [LOW] prototype_hook: Request.prototype.init overridden — native API hooking for traffic interception. (lib\cli.js)
1878
- [LOW] prototype_hook: Request.prototype.getNewAgent overridden — native API hooking for traffic interception. (lib\cli.js)
1879
- [LOW] prototype_hook: Request.prototype.start overridden — native API hooking for traffic interception. (lib\cli.js)
1880
- [LOW] prototype_hook: Request.prototype.onRequestError overridden — native API hooking for traffic interception. (lib\cli.js)
1881
- [LOW] prototype_hook: Request.prototype.onRequestResponse overridden — native API hooking for traffic interception. (lib\cli.js)
1882
- [LOW] prototype_hook: Request.prototype.readResponseBody overridden — native API hooking for traffic interception. (lib\cli.js)
1883
- [LOW] prototype_hook: Request.prototype.abort overridden — native API hooking for traffic interception. (lib\cli.js)
1884
- [LOW] prototype_hook: Request.prototype.pipeDest overridden — native API hooking for traffic interception. (lib\cli.js)
1885
- [LOW] prototype_hook: Request.prototype.qs overridden — native API hooking for traffic interception. (lib\cli.js)
1886
- [LOW] prototype_hook: Request.prototype.form overridden — native API hooking for traffic interception. (lib\cli.js)
1887
- [LOW] prototype_hook: Request.prototype.multipart overridden — native API hooking for traffic interception. (lib\cli.js)
1888
- [LOW] prototype_hook: Request.prototype.json overridden — native API hooking for traffic interception. (lib\cli.js)
1889
- [LOW] prototype_hook: Request.prototype.getHeader overridden — native API hooking for traffic interception. (lib\cli.js)
1890
- [LOW] prototype_hook: Request.prototype.enableUnixSocket overridden — native API hooking for traffic interception. (lib\cli.js)
1891
- [LOW] prototype_hook: Request.prototype.auth overridden — native API hooking for traffic interception. (lib\cli.js)
1892
- [LOW] prototype_hook: Request.prototype.aws overridden — native API hooking for traffic interception. (lib\cli.js)
1893
- [LOW] prototype_hook: Request.prototype.httpSignature overridden — native API hooking for traffic interception. (lib\cli.js)
1894
- [LOW] prototype_hook: Request.prototype.hawk overridden — native API hooking for traffic interception. (lib\cli.js)
1895
- [LOW] prototype_hook: Request.prototype.oauth overridden — native API hooking for traffic interception. (lib\cli.js)
1896
- [LOW] prototype_hook: Request.prototype.jar overridden — native API hooking for traffic interception. (lib\cli.js)
1897
- [LOW] prototype_hook: Request.prototype.pipe overridden — native API hooking for traffic interception. (lib\cli.js)
1898
- [LOW] prototype_hook: Request.prototype.write overridden — native API hooking for traffic interception. (lib\cli.js)
1899
- [LOW] prototype_hook: Request.prototype.end overridden — native API hooking for traffic interception. (lib\cli.js)
1900
- [LOW] prototype_hook: Request.prototype.pause overridden — native API hooking for traffic interception. (lib\cli.js)
1901
- [LOW] prototype_hook: Request.prototype.resume overridden — native API hooking for traffic interception. (lib\cli.js)
1902
- [LOW] prototype_hook: Request.prototype.destroy overridden — native API hooking for traffic interception. (lib\cli.js)
1903
- [LOW] prototype_hook: Request.prototype.toJSON overridden — native API hooking for traffic interception. (lib\cli.js)
1904
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (lib\cli.js)
1905
- [LOW] dynamic_require: Object property indirection: exports = require('dns') — hiding dangerous module in object property. (lib\cli.js)
1906
- [LOW] zlib_inflate_eval: Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern. (lib\cli.js)
1907
- [LOW] env_harvesting_dynamic: Dynamic environment variable harvesting with sensitive pattern matching. Credential theft technique. (lib\cli.js)
1908
- [LOW] dns_chunk_exfiltration: DNS exfiltration: data encoded in DNS queries. Covert channel for firewall bypass. (lib\cli.js)
1909
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (lib\cli.js)
1910
- [LOW] fetch_decrypt_exec: Steganographic payload chain: remote fetch + crypto decryption + dynamic execution. No legitimate package uses this pattern. (lib\cli.js)
1911
- [LOW] download_exec_binary: Download-execute pattern: remote fetch + chmod executable + execSync in same file. Binary dropper camouflaged as native addon build. (lib\cli.js)
1912
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\cli.js)
1913
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\v8-compile-cache.js)
1914
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (lib\v8-compile-cache.js)
1915
- [LOW] vm_code_execution: new vm.Script() with dynamic code — vm module code compilation bypasses eval detection. (lib\v8-compile-cache.js)
1916
- [LOW] vm_code_execution: vm.runInThisContext() — dynamic code execution via Node.js vm module bypasses eval detection. (lib\v8-compile-cache.js)
1917
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (lib\cli.js)
1918
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (YARN_AUTH_TOKEN, NPM_AUTH_TOKEN, npm_lifecycle_event, npm_node_execpath, npm_execpath, npm_execpath, npm_config_argv, npm_lifecycle_script, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], NPM_CONFIG_PRODUCTION, os.platform, secretKey, secretKey, os.networkInterfaces, AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY, AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, AWS_SESSION_TOKEN, GITHUB_TOKEN, process.env[dynamic], process.env[dynamic], process.env[dynamic], USERPROFILE, HOME, process.env[dynamic], process.env[dynamic], FAKEROOTKEY, os.release, process.env[dynamic], process.env[dynamic], os.release, process.env[dynamic]) + network send (get, get, fetch, get, get, get, get, fetch, get, get, get, get, fetch, request, get, get, get, get, get, get, get, get, get, get, get, get, get, request, request, request, request, request, request, request, request, get, fetch, get, get, get, get, request, fetch, fetch, get, get, get, get, get, get, get, get, get, get, request, get, get, get, get, get, request, request, request, request, get, get, get, get, request, get, get, get, fetch, request, get, get, get, request, request, request, request, request, request, request, request, request, request, request, request, request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, request, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, tls.connect, request, https.request, request, http.request, get, get, get, get, get, get, get, get, get, get, get, get, get, request, get, request, get, get, request, eval, eval, request, tls.connect, socket.connect, get, get, get, get, get) (lib\cli.js)
1919
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (lib\cli.js)
1920
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\cli.js)
1921
- npm: score 55
1922
- [MEDIUM] lifecycle_script: Script "prepack" detected. Common attack vector. (package.json)
1923
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\cli.js)
1924
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\commands\config.js)
1925
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\commands\logout.js)
1926
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\commands\publish.js)
1927
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\commands\token.js)
1928
- [LOW] dynamic_require: Dynamic require() with template literal (module name obfuscation). (lib\npm.js)
1929
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\utils\error-message.js)
1930
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\utils\get-identity.js)
1931
- [LOW] env_access: Access to sensitive variable process.env.NPM_ID_TOKEN. (lib\utils\oidc.js)
1932
- [LOW] env_access: Access to sensitive variable process.env.ACTIONS_ID_TOKEN_REQUEST_URL. (lib\utils\oidc.js)
1933
- [LOW] env_access: Access to sensitive variable process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN. (lib\utils\oidc.js)
1934
- [LOW] env_access: Access to sensitive variable process.env.SIGSTORE_ID_TOKEN. (lib\utils\oidc.js)
1935
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\utils\oidc.js)
1936
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (HOME, HOME) + network send (get, get, get, get, get, get, get, get) (lib\commands\cache.js)
1937
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], HOME) + network send (get, get, get, get, get, get) (lib\commands\config.js)
1938
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (npm_command) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (lib\npm.js)
1939
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (NPM_ID_TOKEN, ACTIONS_ID_TOKEN_REQUEST_URL, ACTIONS_ID_TOKEN_REQUEST_TOKEN, ACTIONS_ID_TOKEN_REQUEST_URL, ACTIONS_ID_TOKEN_REQUEST_TOKEN, SIGSTORE_ID_TOKEN) + network send (fetch) (lib\utils\oidc.js)
1940
- [MEDIUM] high_entropy_string: High entropy string (5.95 bits, 62 chars) — possible base64/hex/encrypted payload (node_modules\fastest-levenshtein\bench.js)
1941
- [MEDIUM] high_entropy_string: High entropy string (5.95 bits, 62 chars) — possible base64/hex/encrypted payload (node_modules\fastest-levenshtein\test.js)
1942
- [LOW] high_entropy_string: High entropy window in long string (9958 chars, offset 1500) — possible padded payload (node_modules\iconv-lite\encodings\sbcs-data-generated.js)
1943
- [LOW] high_entropy_string: High entropy window in long string (5989 chars, offset 0) — possible padded payload (node_modules\iconv-lite\encodings\sbcs-data-generated.js)
1944
- [LOW] high_entropy_string: High entropy string (7.79 bits, 222 chars) — possible base64/hex/encrypted payload (node_modules\iconv-lite\encodings\sbcs-data-generated.js)
1945
- [LOW] high_entropy_string: High entropy string (7.00 bits, 128 chars) — possible base64/hex/encrypted payload (node_modules\iconv-lite\encodings\sbcs-data-generated.js)
1946
- [LOW] high_entropy_string: High entropy string (7.00 bits, 128 chars) — possible base64/hex/encrypted payload (node_modules\iconv-lite\encodings\sbcs-data.js)
1947
- [LOW] high_entropy_string: High entropy string (6.34 bits, 197 chars) — possible base64/hex/encrypted payload (node_modules\iconv-lite\encodings\sbcs-data.js)
1948
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\commands\config.js → lib\commands\cache.js) (lib\commands\cache.js)
1949
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\commands\config.js)
1950
- ultra-runner: score 100
1951
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\monitor.js)
1952
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\package.js)
1953
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\pnp.js)
1954
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\workspace.providers.js)
1955
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\yargs.js)
1956
- [CRITICAL] suspicious_dataflow: Suspicious flow: command output (child_process.exec) + network send (get) (lib\git.js)
1957
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (fs.readFileSync) + network send (get, get, get) (lib\pnp.js)
1958
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\pnp.js → lib\git.js) (lib\git.js)
1959
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\pnp.js)
1960
- sharp: score 29
1961
- [MEDIUM] lifecycle_script: Script "install" detected. Common attack vector. (package.json)
1962
- [HIGH] dynamic_require: Dynamic require() with template literal (module name obfuscation). (lib\libvips.js)
1963
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\sharp.js)
1964
- [HIGH] dynamic_require: Dynamic require() with template literal (module name obfuscation). (lib\sharp.js)
1965
- [HIGH] dynamic_require: Dynamic require() with template literal (module name obfuscation). (lib\utility.js)
1966
- node-gyp: score 41
1967
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\find-python.js)
1968
- [HIGH] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (lib\node-gyp.js)
1969
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\node-gyp.js)
1970
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\find-python.js → lib/download.js) (lib/download.js)
1971
- @napi-rs/cli: score 77
1972
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\cli.js)
1973
- [MEDIUM] env_access: Access to sensitive variable process.env.GITHUB_TOKEN. (dist\cli.js)
1974
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\cli.js)
1975
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\index.cjs)
1976
- [MEDIUM] env_access: Access to sensitive variable process.env.GITHUB_TOKEN. (dist\index.cjs)
1977
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\index.cjs)
1978
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\index.js)
1979
- [MEDIUM] env_access: Access to sensitive variable process.env.GITHUB_TOKEN. (dist\index.js)
1980
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\index.js)
1981
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], npm_new_version, process.env[dynamic], GITHUB_TOKEN) + network send (get, get, get, get, fetch, get, get) (dist\cli.js)
1982
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], npm_new_version, process.env[dynamic], GITHUB_TOKEN) + network send (get, get, get, get, fetch, get, get) (dist\index.cjs)
1983
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], npm_new_version, process.env[dynamic], GITHUB_TOKEN) + network send (get, get, get, get, fetch, get, get) (dist\index.js)
1984
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\cli.js)
1985
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\cli.js → dist\index.cjs) (dist\index.cjs)
1986
- node-pre-gyp: score 48
1987
- [HIGH] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (lib\node-pre-gyp.js)
1988
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\node-pre-gyp.js)
1989
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\pre-binding.js)
1990
- [MEDIUM] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (lib\util\versioning.js)
1991
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\util\versioning.js)
1992
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (npm_config_user_agent, npm_config_proxy, npm_config_argv, npm_config_argv) + network send (get) (lib\install.js)
1993
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\node-pre-gyp.js → lib\install.js) (lib\install.js)
1994
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\install.js)
1995
- release-it: score 97
1996
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\plugin\factory.js)
1997
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\plugin\gitlab\GitLab.js)
1998
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\plugin\gitlab\GitLab.js)
1999
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\plugin\GitRelease.js)
2000
- [LOW] env_access: Dynamic access to process.env (variable key). (test\github.js)
2001
- [LOW] env_access: Dynamic access to process.env (variable key). (test\gitlab.js)
2002
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (test\gitlab.js)
2003
- [LOW] env_access: Dynamic access to process.env (variable key). (test\tasks.js)
2004
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (request, request, request, fetch, request, request, request) (lib\plugin\gitlab\GitLab.js)
2005
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get) (test\gitlab.js)
2006
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\plugin\gitlab\GitLab.js)
2007
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\plugin\gitlab\GitLab.js → test\gitlab.js) (test\gitlab.js)
2008
- vercel: score 95
2009
- [CRITICAL] known_malicious_package: Malicious dependency declared: @vercel-internals/constants@1.0.4 (source: IOC) (package.json)
2010
- [LOW] sandbox_evasion: Sandbox/container detection via statSync("/.dockerenv") — anti-analysis technique. (dist\chunks\chunk-74F7S6QJ.js)
2011
- [LOW] ai_agent_abuse: AI agent security bypass flag "--dangerously-skip-permissions" referenced in code — verify it is not used in exec/spawn invocations. (dist\chunks\chunk-74F7S6QJ.js)
2012
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\chunk-74F7S6QJ.js)
2013
- [LOW] sensitive_string: Reference to ".npmrc" detected. (dist\chunks\chunk-7E44U65V.js)
2014
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\chunk-AWCPEMR2.js)
2015
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\chunk-BFAZVUS3.js)
2016
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\chunks\chunk-BNSR2EP5.js)
2017
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require('util').inspect" (dist\chunks\chunk-BNSR2EP5.js)
2018
- [LOW] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (dist\chunks\chunk-BNSR2EP5.js)
2019
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\chunks\chunk-BNSR2EP5.js)
2020
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\chunks\chunk-BNSR2EP5.js)
2021
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\chunk-BNSR2EP5.js)
2022
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\chunks\chunk-BNSR2EP5.js)
2023
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\chunks\chunk-LCYROVUM.js)
2024
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\chunk-LFXZ5E5S.js)
2025
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\chunk-LLPVFNNI.js)
2026
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\chunks\chunk-PQABRSPJ.js)
2027
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\chunks\chunk-UPNWDVQF.js)
2028
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\chunks\chunk-ZGVB6SQH.js)
2029
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\build\index.js)
2030
- [LOW] env_access: Access to sensitive variable process.env.CRON_SECRET. (dist\commands\build\index.js)
2031
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\build\index.js)
2032
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\deploy\index.js)
2033
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\dev\builder-worker.cjs)
2034
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\commands\dev\index.js)
2035
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\commands\dev\index.js)
2036
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\dev\index.js)
2037
- [LOW] env_access: Access to sensitive variable process.env.REFRESH_VERCEL_OIDC_TOKEN_BEFORE_EXPIRY_MILLIS. (dist\commands\dev\index.js)
2038
- [LOW] env_access: Access to sensitive variable process.env.REFRESH_VERCEL_OIDC_TOKEN_THROTTLE_MILLIS. (dist\commands\dev\index.js)
2039
- [LOW] reverse_shell: JavaScript reverse shell: net.Socket + connect() + pipe to shell process stdin/stdout. (dist\commands\dev\index.js)
2040
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\commands\dev\index.js)
2041
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\env\index.js)
2042
- [LOW] ai_agent_abuse: AI agent security bypass flag "--dangerously-skip-permissions" referenced in code — verify it is not used in exec/spawn invocations. (dist\commands-bulk.js)
2043
- [LOW] env_access: Access to sensitive variable process.env.BLOB_READ_WRITE_TOKEN. (dist\commands-bulk.js)
2044
- [LOW] env_access: Access to sensitive variable process.env.VERCEL_AUTOMATION_BYPASS_SECRET. (dist\commands-bulk.js)
2045
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands-bulk.js)
2046
- [LOW] mcp_config_injection: MCP config injection: code contains MCP server configuration keywords (mcpServers/mcp.json/claude_desktop_config) with filesystem writes. AI toolchain poisoning. (dist\commands-bulk.js)
2047
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\index.js)
2048
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\index.js)
2049
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\index.js)
2050
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\index.js)
2051
- [LOW] env_access: Access to sensitive variable process.env.VERCEL_TOKEN. (dist\index.js)
2052
- [LOW] zlib_inflate_eval: Obfuscated payload: zlib inflate + base64 decode + dynamic execution. No legitimate package uses this pattern. (dist\index.js)
2053
- [LOW] reverse_shell: JavaScript reverse shell: net.Socket + connect() + pipe to shell process stdin/stdout. (dist\index.js)
2054
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\index.js)
2055
- [LOW] wasm_host_sink: WebAssembly module with network-capable host imports. WASM can invoke host callbacks to exfiltrate data while hiding control flow. (dist\index.js)
2056
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\index.js)
2057
- [LOW] stream_credential_intercept: Stream class (Transform/Duplex/Writable) with credential regex scanning + network call — data-in-transit credential wiretap. (dist\index.js)
2058
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\index.js)
2059
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (dist\chunks\chunk-BNSR2EP5.js)
2060
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (dist\chunks\chunk-PQABRSPJ.js)
2061
- [LOW] obfuscation_detected: Code obfusque (score: 50). Signaux: unicode_escapes, base64_eval (dist\index.js)
2062
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.platform, os.arch) + network send (get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, fetch) (dist\chunks\chunk-74F7S6QJ.js)
2063
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.release) + network send (get, get) (dist\chunks\chunk-7K6FEHYP.js)
2064
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.release) + network send (get, get, get) (dist\chunks\chunk-A2M6YJ6J.js)
2065
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.platform, os.cpus, os.platform) + network send (get, get, get, get, get, get, get, get, get) (dist\chunks\chunk-BFAZVUS3.js)
2066
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\chunks\chunk-BNSR2EP5.js)
2067
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.cpus, os.platform, os.arch) + network send (eval, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, get, fetch, fetch, fetch, get, get, get, get, get, fetch, fetch, fetch, fetch, fetch, fetch) (dist\chunks\chunk-BNSR2EP5.js)
2068
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (readFileSync, process.env[dynamic]) + network send (fetch) (dist\chunks\chunk-LCYROVUM.js)
2069
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (HOME, LOGNAME, USER, USERNAME, USERPROFILE, USERNAME, USER, COMPUTERNAME, HOSTNAME) + network send (get, get) (dist\chunks\chunk-U2JGHN2P.js)
2070
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get) (dist\chunks\chunk-UPNWDVQF.js)
2071
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], CRON_SECRET, process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get) (dist\commands\build\index.js)
2072
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (fetch, get) (dist\commands\deploy\index.js)
2073
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\commands\dev\index.js)
2074
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], REFRESH_VERCEL_OIDC_TOKEN_BEFORE_EXPIRY_MILLIS, REFRESH_VERCEL_OIDC_TOKEN_THROTTLE_MILLIS) + network send (eval, request, request, request, request, request, get, socket.connect, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commands\dev\index.js)
2075
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (BLOB_READ_WRITE_TOKEN, BLOB_READ_WRITE_TOKEN, VERCEL_AUTOMATION_BYPASS_SECRET, VERCEL_AUTOMATION_BYPASS_SECRET, HOME, HOME, HOME, HOME, HOME, HOME, HOME, HOME) + network send (fetch, fetch, fetch, fetch, fetch, fetch, fetch, get, get, get, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, get, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, get, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, fetch, get, get, get, fetch, get, get, get, fetch, fetch, fetch, fetch) (dist\commands-bulk.js)
2076
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (fs/promises.readFile, fs/promises.readFile) + network send (get, https.get) (dist\get-latest-worker.cjs)
2077
- [LOW] credential_tampering: Cache poisoning: sensitive data access (fs/promises.readFile, fs/promises.readFile) + write to sensitive path (fs.writeFileSync) (dist\get-latest-worker.cjs)
2078
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\index.js)
2079
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.hostname, os.freemem, os.platform, os.release, os.arch, os.totalmem, os.freemem, os.cpus, os.release, os.release, os.release, AWS_REGION, AWS_REGION, AWS_EXECUTION_ENV, GCP_PROJECT, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], VERCEL_TOKEN, VERCEL_TOKEN) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, tls.connect, net.connect, tls.connect, request, get, get, get, get, get, post, post, post, post, post, request, get, get, get, get, eval, fetch, get) (dist\index.js)
2080
- [LOW] intent_command_exfil: Intent coherence: command_output → network_external (dist\chunks\chunk-74F7S6QJ.js)
2081
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\chunks\chunk-74F7S6QJ.js)
2082
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\chunks\chunk-74F7S6QJ.js → dist\chunks\chunk-7K6FEHYP.js) (dist\chunks\chunk-7K6FEHYP.js)
2083
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\chunks\chunk-BNSR2EP5.js)
2084
- [LOW] intent_credential_exfil: Intent coherence: credential_read → file_tamper (dist\commands-bulk.js)
2085
- netlify-cli: score 36
2086
- [MEDIUM] lifecycle_script: Script "postinstall" detected. Common attack vector. (package.json)
2087
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\agents\agents-show.js)
2088
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\agents\agents-stop.js)
2089
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\base-command.js)
2090
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\database\init.js)
2091
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\database\utils.js)
2092
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\env\env-set.js)
2093
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\commands\functions\functions-create.js)
2094
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\functions\functions-create.js)
2095
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (dist\commands\functions\functions-invoke.js)
2096
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\functions\functions-invoke.js)
2097
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\commands\recipes\common.js)
2098
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\commands\serve\serve.js)
2099
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\commands\sites\sites-create-template.js)
2100
- [LOW] env_access: Access to sensitive variable process.env.NETLIFY_TEST_GITHUB_TOKEN. (dist\lib\exec-fetcher.js)
2101
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\lib\exec-fetcher.js)
2102
- [LOW] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\lib\functions\runtimes\js\builders\zisi.js)
2103
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\lib\functions\runtimes\js\worker.js)
2104
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\lib\functions\runtimes\js\worker.js)
2105
- [LOW] env_access: Destructured access to sensitive env var: const { NETLIFY_AUTH_TOKEN } = process.env. (dist\utils\command-helpers.js)
2106
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\utils\dev.js)
2107
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\utils\execa.js)
2108
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\utils\live-tunnel.js)
2109
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\utils\proxy.js)
2110
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\utils\sites\create-template.js)
2111
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\utils\sites\utils.js)
2112
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.platform, os.arch) + network send (get) (dist\utils\telemetry\report-error.js)
2113
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\commands\agents\agents-show.js → dist\utils\telemetry\report-error.js) (dist\utils\telemetry\report-error.js)
2114
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\utils\telemetry\report-error.js)
2115
- wrangler: score 30
2116
- [LOW] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (templates\checked-fetch.js)
2117
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (templates\checked-fetch.js)
2118
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (wrangler-dist\InspectorProxyWorker.js)
2119
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (wrangler-dist\ProxyServerWorker.js)
2120
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (wrangler-dist\ProxyWorker.js)
2121
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: wrangler-dist\InspectorProxyWorker.js → templates/checked-fetch.js) (templates/checked-fetch.js)
2122
- pm2: score 100
2123
- [HIGH] env_access: Access to sensitive variable process.env.KEYMETRICS_SECRET. (constants.js)
2124
- [HIGH] env_access: Access to sensitive variable process.env.PM2_SECRET_KEY. (constants.js)
2125
- [HIGH] env_access: Access to sensitive variable process.env.SECRET_KEY. (constants.js)
2126
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\API\Extra.js)
2127
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\API\Modules\NPM.js)
2128
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\API\Modules\TAR.js)
2129
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\API\Modules\TAR.js)
2130
- [HIGH] env_access: Access to sensitive variable process.env.PM2_IO_TOKEN. (lib\API\pm2-plus\auth-strategies\CliAuth.js)
2131
- [HIGH] env_access: Access to sensitive variable process.env.PM2_IO_TOKEN. (lib\API\pm2-plus\auth-strategies\WebAuth.js)
2132
- [LOW] env_access: Access to sensitive variable process.env.PM2_SERVE_BASIC_AUTH. (lib\API\Serve.js)
2133
- [LOW] env_access: Access to sensitive variable process.env.PM2_SERVE_BASIC_AUTH_USERNAME. (lib\API\Serve.js)
2134
- [LOW] env_access: Access to sensitive variable process.env.PM2_SERVE_BASIC_AUTH_PASSWORD. (lib\API\Serve.js)
2135
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\API\Serve.js)
2136
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\API\UX\pm2-describe.js)
2137
- [HIGH] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (lib\Client.js)
2138
- [HIGH] vm_code_execution: vm.runInThisContext() — dynamic code execution via Node.js vm module bypasses eval detection. (lib\Common.js)
2139
- [HIGH] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (lib\Common.js)
2140
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\Common.js)
2141
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\Daemon.js)
2142
- [HIGH] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (lib\Daemon.js)
2143
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\God\ActionMethods.js)
2144
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\ProcessContainer.js)
2145
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\ProcessContainer.js)
2146
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\ProcessContainer.js)
2147
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\ProcessContainerBun.js)
2148
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\ProcessContainerBun.js)
2149
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\ProcessContainerFork.js)
2150
- [LOW] dynamic_require: Dynamic require() with member expression argument (object property obfuscation). (lib\ProcessContainerForkBun.js)
2151
- [HIGH] sensitive_string: Reference to "/etc/passwd" detected. (lib\tools\passwd.js)
2152
- [HIGH] sandbox_evasion: Sandbox/container detection via statSync("/.dockerenv") — anti-analysis technique. (lib\VersionCheck.js)
2153
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (paths.js)
2154
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (PM2_IO_TOKEN, PM2_IO_TOKEN) + network send (post, post, get, post, get) (lib\API\pm2-plus\auth-strategies\CliAuth.js)
2155
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (KEYMETRICS_NODE) + network send (get, get) (lib\binaries\CLI.js)
2156
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (post, post, post, post) (lib\Daemon.js)
2157
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: constants.js → lib\API\pm2-plus\auth-strategies\CliAuth.js) (lib\API\pm2-plus\auth-strategies\CliAuth.js)
2158
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\API\pm2-plus\auth-strategies\CliAuth.js)
2159
- forever: score 94
2160
- [HIGH] dynamic_require: Dynamic require() with computed argument (possible decode obfuscation). (lib\forever\worker.js)
2161
- [HIGH] detached_process: spawn() with {detached: true} — background process survives parent exit (evasion technique). (lib\forever.js)
2162
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (HOME, USERPROFILE) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (lib\forever.js)
2163
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (lib\util\utils.js)
2164
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\forever.js)
2165
- node-forge: score 46
2166
- [LOW] crypto_decipher: createDecipher() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\forge.all.min.js)
2167
- [LOW] crypto_decipher: createDecipher() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\forge.min.js)
2168
- [HIGH] crypto_decipher: createDecipher() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (lib\aes.js)
2169
- [HIGH] crypto_decipher: createDecipher() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (lib\aesCipherSuites.js)
2170
- [HIGH] crypto_decipher: createDecipher() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (lib\des.js)
2171
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey, privateKey, privateKey, privateKey, privateKey, privateKey) + network send (get, get) (dist\forge.all.min.js)
2172
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey, privateKey, privateKey, privateKey, privateKey, privateKey) + network send (get, get) (dist\forge.min.js)
2173
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\forge.all.min.js)
2174
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\forge.all.min.js → dist\forge.min.js) (dist\forge.min.js)
2175
- axios: score 22
2176
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2177
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\axios.js)
2178
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\axios.min.js)
2179
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\browser\axios.cjs)
2180
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\axios.js)
2181
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\axios.min.js)
2182
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\node\axios.cjs)
2183
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\adapters\fetch.js)
2184
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\core\Axios.js)
2185
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\defaults\index.js)
2186
- node-fetch: score 38
2187
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\headers.js)
2188
- [HIGH] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (src\headers.js)
2189
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\request.js)
2190
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\utils\multipart-parser.js)
2191
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: src\headers.js → @types/index.d.ts) (@types/index.d.ts)
2192
- undici: score 93
2193
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2194
- [HIGH] prototype_hook: globalThis.fetch overridden — native API hooking for traffic interception. (index.js)
2195
- [HIGH] prototype_hook: globalThis.Response overridden — native API hooking for traffic interception. (index.js)
2196
- [HIGH] prototype_hook: globalThis.Request overridden — native API hooking for traffic interception. (index.js)
2197
- [HIGH] prototype_hook: globalThis.WebSocket overridden — native API hooking for traffic interception. (index.js)
2198
- [HIGH] prototype_hook: globalThis.EventSource overridden — native API hooking for traffic interception. (index.js)
2199
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\core\util.js)
2200
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\dispatcher\proxy-agent.js)
2201
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\eventsource\eventsource.js)
2202
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\fetch\constants.js)
2203
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\fetch\data-url.js)
2204
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\fetch\index.js)
2205
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\fetch\request.js)
2206
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\fetch\response.js)
2207
- [HIGH] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (lib\web\fetch\response.js)
2208
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\fetch\util.js)
2209
- [HIGH] stream_credential_intercept: Stream class (Transform/Duplex/Writable) with credential regex scanning + network call — data-in-transit credential wiretap. (lib\web\fetch\util.js)
2210
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\web\websocket\connection.js)
2211
- [HIGH] prototype_hook: WebSocket.prototype.CONNECTING overridden — native API hooking for traffic interception. (lib\web\websocket\websocket.js)
2212
- [HIGH] prototype_hook: WebSocket.prototype.OPEN overridden — native API hooking for traffic interception. (lib\web\websocket\websocket.js)
2213
- [HIGH] prototype_hook: WebSocket.prototype.CLOSING overridden — native API hooking for traffic interception. (lib\web\websocket\websocket.js)
2214
- [HIGH] prototype_hook: WebSocket.prototype.CLOSED overridden — native API hooking for traffic interception. (lib\web\websocket\websocket.js)
2215
- [LOW] js_obfuscation_pattern: Long base64 payload detected (72020 chars) — possible encoded malicious code (lib\llhttp\llhttp-wasm.js)
2216
- [LOW] js_obfuscation_pattern: Long base64 payload detected (72272 chars) — possible encoded malicious code (lib\llhttp\llhttp_simd-wasm.js)
2217
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\core\util.js → index-fetch.js) (index-fetch.js)
2218
- superagent: score 32
2219
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2220
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\superagent.js)
2221
- [LOW] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (dist\superagent.js)
2222
- [LOW] prototype_hook: Response.prototype._parseBody overridden — native API hooking for traffic interception. (dist\superagent.js)
2223
- [LOW] prototype_hook: Response.prototype.toError overridden — native API hooking for traffic interception. (dist\superagent.js)
2224
- [LOW] prototype_hook: Request.prototype.type overridden — native API hooking for traffic interception. (dist\superagent.js)
2225
- [LOW] prototype_hook: Request.prototype.accept overridden — native API hooking for traffic interception. (dist\superagent.js)
2226
- [LOW] prototype_hook: Request.prototype.auth overridden — native API hooking for traffic interception. (dist\superagent.js)
2227
- [LOW] prototype_hook: Request.prototype.query overridden — native API hooking for traffic interception. (dist\superagent.js)
2228
- [LOW] prototype_hook: Request.prototype.attach overridden — native API hooking for traffic interception. (dist\superagent.js)
2229
- [LOW] prototype_hook: Request.prototype._getFormData overridden — native API hooking for traffic interception. (dist\superagent.js)
2230
- [LOW] prototype_hook: Request.prototype.callback overridden — native API hooking for traffic interception. (dist\superagent.js)
2231
- [LOW] prototype_hook: Request.prototype.crossDomainError overridden — native API hooking for traffic interception. (dist\superagent.js)
2232
- [LOW] prototype_hook: Request.prototype.agent overridden — native API hooking for traffic interception. (dist\superagent.js)
2233
- [LOW] prototype_hook: Request.prototype.ca overridden — native API hooking for traffic interception. (dist\superagent.js)
2234
- [LOW] prototype_hook: Request.prototype.buffer overridden — native API hooking for traffic interception. (dist\superagent.js)
2235
- [LOW] prototype_hook: Request.prototype.write overridden — native API hooking for traffic interception. (dist\superagent.js)
2236
- [LOW] prototype_hook: Request.prototype.pipe overridden — native API hooking for traffic interception. (dist\superagent.js)
2237
- [LOW] prototype_hook: Request.prototype._isHost overridden — native API hooking for traffic interception. (dist\superagent.js)
2238
- [LOW] prototype_hook: Request.prototype.end overridden — native API hooking for traffic interception. (dist\superagent.js)
2239
- [LOW] prototype_hook: Request.prototype._setUploadTimeout overridden — native API hooking for traffic interception. (dist\superagent.js)
2240
- [LOW] prototype_hook: Request.prototype._end overridden — native API hooking for traffic interception. (dist\superagent.js)
2241
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\superagent.min.js)
2242
- [LOW] dangerous_call_function: Indirect Function via alias "Z" — eval wrapper evasion. (dist\superagent.min.js)
2243
- [MEDIUM] prototype_hook: Response.prototype._parseBody overridden — native API hooking for traffic interception. (lib\client.js)
2244
- [MEDIUM] prototype_hook: Response.prototype.toError overridden — native API hooking for traffic interception. (lib\client.js)
2245
- [MEDIUM] prototype_hook: Request.prototype.type overridden — native API hooking for traffic interception. (lib\client.js)
2246
- [MEDIUM] prototype_hook: Request.prototype.accept overridden — native API hooking for traffic interception. (lib\client.js)
2247
- [MEDIUM] prototype_hook: Request.prototype.auth overridden — native API hooking for traffic interception. (lib\client.js)
2248
- [MEDIUM] prototype_hook: Request.prototype.query overridden — native API hooking for traffic interception. (lib\client.js)
2249
- [MEDIUM] prototype_hook: Request.prototype.attach overridden — native API hooking for traffic interception. (lib\client.js)
2250
- [MEDIUM] prototype_hook: Request.prototype._getFormData overridden — native API hooking for traffic interception. (lib\client.js)
2251
- [MEDIUM] prototype_hook: Request.prototype.callback overridden — native API hooking for traffic interception. (lib\client.js)
2252
- [MEDIUM] prototype_hook: Request.prototype.crossDomainError overridden — native API hooking for traffic interception. (lib\client.js)
2253
- [MEDIUM] prototype_hook: Request.prototype.agent overridden — native API hooking for traffic interception. (lib\client.js)
2254
- [MEDIUM] prototype_hook: Request.prototype.ca overridden — native API hooking for traffic interception. (lib\client.js)
2255
- [MEDIUM] prototype_hook: Request.prototype.buffer overridden — native API hooking for traffic interception. (lib\client.js)
2256
- [MEDIUM] prototype_hook: Request.prototype.write overridden — native API hooking for traffic interception. (lib\client.js)
2257
- [MEDIUM] prototype_hook: Request.prototype.pipe overridden — native API hooking for traffic interception. (lib\client.js)
2258
- [MEDIUM] prototype_hook: Request.prototype._isHost overridden — native API hooking for traffic interception. (lib\client.js)
2259
- [MEDIUM] prototype_hook: Request.prototype.end overridden — native API hooking for traffic interception. (lib\client.js)
2260
- [MEDIUM] prototype_hook: Request.prototype._setUploadTimeout overridden — native API hooking for traffic interception. (lib\client.js)
2261
- [MEDIUM] prototype_hook: Request.prototype._end overridden — native API hooking for traffic interception. (lib\client.js)
2262
- [MEDIUM] prototype_hook: Request.prototype.http2 overridden — native API hooking for traffic interception. (lib\node\index.js)
2263
- [MEDIUM] prototype_hook: Request.prototype.attach overridden — native API hooking for traffic interception. (lib\node\index.js)
2264
- [MEDIUM] prototype_hook: Request.prototype._getFormData overridden — native API hooking for traffic interception. (lib\node\index.js)
2265
- [MEDIUM] prototype_hook: Request.prototype.agent overridden — native API hooking for traffic interception. (lib\node\index.js)
2266
- [MEDIUM] prototype_hook: Request.prototype.lookup overridden — native API hooking for traffic interception. (lib\node\index.js)
2267
- [MEDIUM] prototype_hook: Request.prototype.type overridden — native API hooking for traffic interception. (lib\node\index.js)
2268
- [MEDIUM] prototype_hook: Request.prototype.accept overridden — native API hooking for traffic interception. (lib\node\index.js)
2269
- [MEDIUM] prototype_hook: Request.prototype.query overridden — native API hooking for traffic interception. (lib\node\index.js)
2270
- [MEDIUM] prototype_hook: Request.prototype.write overridden — native API hooking for traffic interception. (lib\node\index.js)
2271
- [MEDIUM] prototype_hook: Request.prototype.pipe overridden — native API hooking for traffic interception. (lib\node\index.js)
2272
- [MEDIUM] prototype_hook: Request.prototype._pipeContinue overridden — native API hooking for traffic interception. (lib\node\index.js)
2273
- [MEDIUM] prototype_hook: Request.prototype.buffer overridden — native API hooking for traffic interception. (lib\node\index.js)
2274
- [MEDIUM] prototype_hook: Request.prototype._redirect overridden — native API hooking for traffic interception. (lib\node\index.js)
2275
- [MEDIUM] prototype_hook: Request.prototype.auth overridden — native API hooking for traffic interception. (lib\node\index.js)
2276
- [MEDIUM] prototype_hook: Request.prototype.ca overridden — native API hooking for traffic interception. (lib\node\index.js)
2277
- [MEDIUM] prototype_hook: Request.prototype.key overridden — native API hooking for traffic interception. (lib\node\index.js)
2278
- [MEDIUM] prototype_hook: Request.prototype.pfx overridden — native API hooking for traffic interception. (lib\node\index.js)
2279
- [MEDIUM] prototype_hook: Request.prototype.cert overridden — native API hooking for traffic interception. (lib\node\index.js)
2280
- [MEDIUM] prototype_hook: Request.prototype.disableTLSCerts overridden — native API hooking for traffic interception. (lib\node\index.js)
2281
- [MEDIUM] prototype_hook: Request.prototype.request overridden — native API hooking for traffic interception. (lib\node\index.js)
2282
- [MEDIUM] prototype_hook: Request.prototype.callback overridden — native API hooking for traffic interception. (lib\node\index.js)
2283
- [MEDIUM] prototype_hook: Request.prototype._isHost overridden — native API hooking for traffic interception. (lib\node\index.js)
2284
- [MEDIUM] prototype_hook: Request.prototype._emitResponse overridden — native API hooking for traffic interception. (lib\node\index.js)
2285
- [MEDIUM] prototype_hook: Request.prototype._emitRedirect overridden — native API hooking for traffic interception. (lib\node\index.js)
2286
- [MEDIUM] prototype_hook: Request.prototype.end overridden — native API hooking for traffic interception. (lib\node\index.js)
2287
- [MEDIUM] prototype_hook: Request.prototype._end overridden — native API hooking for traffic interception. (lib\node\index.js)
2288
- [MEDIUM] prototype_hook: Request.prototype._shouldDecompress overridden — native API hooking for traffic interception. (lib\node\index.js)
2289
- [MEDIUM] prototype_hook: Request.prototype.connect overridden — native API hooking for traffic interception. (lib\node\index.js)
2290
- [MEDIUM] prototype_hook: Request.prototype.trustLocalhost overridden — native API hooking for traffic interception. (lib\node\index.js)
2291
- [MEDIUM] prototype_hook: Response.prototype.destroy overridden — native API hooking for traffic interception. (lib\node\response.js)
2292
- [MEDIUM] prototype_hook: Response.prototype.pause overridden — native API hooking for traffic interception. (lib\node\response.js)
2293
- [MEDIUM] prototype_hook: Response.prototype.resume overridden — native API hooking for traffic interception. (lib\node\response.js)
2294
- [MEDIUM] prototype_hook: Response.prototype.toError overridden — native API hooking for traffic interception. (lib\node\response.js)
2295
- [MEDIUM] prototype_hook: Response.prototype.setStatusProperties overridden — native API hooking for traffic interception. (lib\node\response.js)
2296
- [MEDIUM] prototype_hook: Response.prototype.toJSON overridden — native API hooking for traffic interception. (lib\node\response.js)
2297
- ky: score 46
2298
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2299
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (distribution\core\constants.js)
2300
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: distribution\core\constants.js → distribution/core/constants.js) (distribution/core/constants.js)
2301
- bent: score 43
2302
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (src\browser.js)
2303
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: src\browser.js → src/browser.js) (src/browser.js)
2304
- needle: score 43
2305
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\needle.js)
2306
- [LOW] high_entropy_string: High entropy string (6.48 bits, 89 chars) — possible base64/hex/encrypted payload (test\cookies_spec.js)
2307
- [LOW] high_entropy_string: High entropy string (5.84 bits, 737 chars) — possible base64/hex/encrypted payload (test\cookies_spec.js)
2308
- [LOW] high_entropy_string: High entropy string (6.08 bits, 137 chars) — possible base64/hex/encrypted payload (test\cookies_spec.js)
2309
- [LOW] high_entropy_string: High entropy string (5.66 bits, 401 chars) — possible base64/hex/encrypted payload (test\cookies_spec.js)
2310
- [LOW] js_obfuscation_pattern: Long base64 payload detected (488 chars) — possible encoded malicious code (test\post_data_spec.js)
2311
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\needle.js → lib/needle.js) (lib/needle.js)
2312
- request: score 80
2313
- [MEDIUM] prototype_hook: Request.prototype.debug overridden — native API hooking for traffic interception. (request.js)
2314
- [MEDIUM] prototype_hook: Request.prototype.init overridden — native API hooking for traffic interception. (request.js)
2315
- [MEDIUM] prototype_hook: Request.prototype.getNewAgent overridden — native API hooking for traffic interception. (request.js)
2316
- [MEDIUM] prototype_hook: Request.prototype.start overridden — native API hooking for traffic interception. (request.js)
2317
- [MEDIUM] prototype_hook: Request.prototype.onRequestError overridden — native API hooking for traffic interception. (request.js)
2318
- [MEDIUM] prototype_hook: Request.prototype.onRequestResponse overridden — native API hooking for traffic interception. (request.js)
2319
- [MEDIUM] prototype_hook: Request.prototype.readResponseBody overridden — native API hooking for traffic interception. (request.js)
2320
- [MEDIUM] prototype_hook: Request.prototype.abort overridden — native API hooking for traffic interception. (request.js)
2321
- [MEDIUM] prototype_hook: Request.prototype.pipeDest overridden — native API hooking for traffic interception. (request.js)
2322
- [MEDIUM] prototype_hook: Request.prototype.qs overridden — native API hooking for traffic interception. (request.js)
2323
- [MEDIUM] prototype_hook: Request.prototype.form overridden — native API hooking for traffic interception. (request.js)
2324
- [MEDIUM] prototype_hook: Request.prototype.multipart overridden — native API hooking for traffic interception. (request.js)
2325
- [MEDIUM] prototype_hook: Request.prototype.json overridden — native API hooking for traffic interception. (request.js)
2326
- [MEDIUM] prototype_hook: Request.prototype.getHeader overridden — native API hooking for traffic interception. (request.js)
2327
- [MEDIUM] prototype_hook: Request.prototype.enableUnixSocket overridden — native API hooking for traffic interception. (request.js)
2328
- [MEDIUM] prototype_hook: Request.prototype.auth overridden — native API hooking for traffic interception. (request.js)
2329
- [MEDIUM] prototype_hook: Request.prototype.aws overridden — native API hooking for traffic interception. (request.js)
2330
- [MEDIUM] prototype_hook: Request.prototype.httpSignature overridden — native API hooking for traffic interception. (request.js)
2331
- [MEDIUM] prototype_hook: Request.prototype.hawk overridden — native API hooking for traffic interception. (request.js)
2332
- [MEDIUM] prototype_hook: Request.prototype.oauth overridden — native API hooking for traffic interception. (request.js)
2333
- [MEDIUM] prototype_hook: Request.prototype.jar overridden — native API hooking for traffic interception. (request.js)
2334
- [MEDIUM] prototype_hook: Request.prototype.pipe overridden — native API hooking for traffic interception. (request.js)
2335
- [MEDIUM] prototype_hook: Request.prototype.write overridden — native API hooking for traffic interception. (request.js)
2336
- [MEDIUM] prototype_hook: Request.prototype.end overridden — native API hooking for traffic interception. (request.js)
2337
- [MEDIUM] prototype_hook: Request.prototype.pause overridden — native API hooking for traffic interception. (request.js)
2338
- [MEDIUM] prototype_hook: Request.prototype.resume overridden — native API hooking for traffic interception. (request.js)
2339
- [MEDIUM] prototype_hook: Request.prototype.destroy overridden — native API hooking for traffic interception. (request.js)
2340
- [MEDIUM] prototype_hook: Request.prototype.clearTimeout overridden — native API hooking for traffic interception. (request.js)
2341
- [MEDIUM] prototype_hook: Request.prototype.toJSON overridden — native API hooking for traffic interception. (request.js)
2342
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (request.js)
2343
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (request.js)
2344
- graceful-fs: score 25
2345
- [CRITICAL] credential_tampering: Cache poisoning: sensitive data access (fs.readFile, fs.readdir, fs.readdir) + write to sensitive path (fs.writeFile) (graceful-fs.js)
2346
- tar: score 79
2347
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2348
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (USER) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\commonjs\index.min.js)
2349
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (USER) + network send (get, get) (dist\commonjs\write-entry.js)
2350
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (USER) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\esm\index.min.js)
2351
- [MEDIUM] suspicious_dataflow: Suspicious flow: credentials read (USER) + network send (get, get) (dist\esm\write-entry.js)
2352
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\commonjs\index.min.js)
2353
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\commonjs\index.min.js → dist\commonjs\write-entry.js) (dist\commonjs\write-entry.js)
2354
- log4js: score 29
2355
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2356
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\appenders\index.js)
2357
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\clustering.js)
2358
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\clustering.js → lib/appenders/multiprocess.js) (lib/appenders/multiprocess.js)
2359
- typescript: score 100
2360
- [HIGH] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (lib\typescript.js)
2361
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\typescript.js)
2362
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\typescript.js)
2363
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\typescript.js)
2364
- [HIGH] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (lib\_tsc.js)
2365
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\_tsc.js)
2366
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\_tsc.js)
2367
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (lib\typescript.js)
2368
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (lib\_tsc.js)
2369
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.platform, process.env[dynamic], fs.readFileSync, fs.readdirSync) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, post, get, post, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, 
get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, get, get) (lib\typescript.js)
2370
- [CRITICAL] credential_tampering: Cache poisoning: sensitive data access (os.platform, process.env[dynamic], fs.readFileSync, fs.readdirSync) + write to sensitive path (fs.writeFileSync) (lib\typescript.js)
2371
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (os.platform, process.env[dynamic], fs.readFileSync, fs.readdirSync) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, post, get, post, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, 
get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (lib\_tsc.js)
2372
- [CRITICAL] credential_tampering: Cache poisoning: sensitive data access (os.platform, process.env[dynamic], fs.readFileSync, fs.readdirSync) + write to sensitive path (fs.writeFileSync) (lib\_tsc.js)
2373
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (USERPROFILE, HOME, LOGNAME, USER, LOGNAME, USER) + network send (get) (lib\_tsserver.js)
2374
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\typescript.js)
2375
- [HIGH] intent_credential_exfil: Intent coherence: credential_read → file_tamper (lib\typescript.js)
2376
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\typescript.js → lib\_tsc.js) (lib\_tsc.js)
2377
- @vue/compiler-sfc: score 89
2378
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (dist\compiler-sfc.cjs.js)
2379
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (dist\compiler-sfc.cjs.js)
2380
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (dist\compiler-sfc.cjs.js)
2381
- [MEDIUM] require_cache_poison: require.cache accessed — module cache poisoning to hijack or replace core Node.js modules. (dist\compiler-sfc.cjs.js)
2382
- [LOW] vm_code_execution: vm.runInNewContext() — dynamic code execution via Node.js vm module bypasses eval detection. (dist\compiler-sfc.cjs.js)
2383
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\compiler-sfc.cjs.js)
2384
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiler-sfc.cjs.js)
2385
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\compiler-sfc.esm-browser.js)
2386
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\compiler-sfc.esm-browser.js)
2387
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\compiler-sfc.esm-browser.js)
2388
- [LOW] obfuscation_detected: Code obfusque (score: 75). Signaux: hex_escapes, unicode_escapes, base64_eval (dist\compiler-sfc.esm-browser.js)
2389
- [HIGH] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\compiler-sfc.cjs.js)
2390
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\compiler-sfc.cjs.js)
2391
- npm-run-all: score 65
2392
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (npm_execpath) + network send (get) (lib\run-task.js)
2393
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\run-task.js)
2394
- npm-run-all2: score 65
2395
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (npm_execpath, npm_execpath, npm_execpath, npm_execpath, npm_execpath, npm_config_user_agent, npm_config_user_agent, PNPM_SCRIPT_SRC_DIR) + network send (get) (lib\run-task.js)
2396
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\run-task.js)
2397
- start-server-and-test: score 22
2398
- [MEDIUM] lifecycle_script: Script "test2" contains network command (curl/wget/nc/nslookup). Unusual for "test2". (package.json)
2399
- [MEDIUM] lifecycle_script: Script "test3" contains network command (curl/wget/nc/nslookup). Unusual for "test3". (package.json)
2400
- [MEDIUM] lifecycle_script: Script "test4" contains network command (curl/wget/nc/nslookup). Unusual for "test4". (package.json)
2401
- [MEDIUM] lifecycle_script: Script "demo-multiple" contains network command (curl/wget/nc/nslookup). Unusual for "demo-multiple". (package.json)
2402
- [HIGH] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (src\utils.js)
2403
- nunjucks: score 100
2404
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2405
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (browser\nunjucks-slim.js)
2406
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (browser\nunjucks-slim.js)
2407
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (browser\nunjucks-slim.min.js)
2408
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (browser\nunjucks-slim.min.js)
2409
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (browser\nunjucks.js)
2410
- [HIGH] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (browser\nunjucks.js)
2411
- [CRITICAL] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (browser\nunjucks.js)
2412
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (browser\nunjucks.js)
2413
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (browser\nunjucks.min.js)
2414
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (browser\nunjucks.min.js)
2415
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (browser\nunjucks.min.js)
2416
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (browser\nunjucks.min.js)
2417
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (src\environment.js)
2418
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (browser\nunjucks.js)
2419
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: browser\nunjucks.js → browser/nunjucks.js) (browser/nunjucks.js)
2420
- art-template: score 21
2421
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (lib\compile\compiler.js)
2422
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\extension.js)
2423
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\extension.js)
2424
- [LOW] dynamic_require: Dynamic require() with variable argument (module name obfuscation). (lib\precompile.js)
2425
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (lib\template-web.js)
2426
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (lib\template-web.js)
2427
- @reduxjs/toolkit: score 24
2428
- [MEDIUM] lifecycle_script: Script "prepack" detected. Common attack vector. (package.json)
2429
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\query\cjs\rtk-query.development.cjs)
2430
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\query\cjs\rtk-query.production.min.cjs)
2431
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\query\rtk-query.browser.mjs)
2432
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\query\rtk-query.legacy-esm.js)
2433
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\query\rtk-query.modern.mjs)
2434
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\query\cjs\rtk-query.development.cjs → src/mapBuilders.ts) (src/mapBuilders.ts)
2435
- recoil: score 67
2436
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (cjs\index.js)
2437
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (es\index.js)
2438
- [LOW] env_access: Dynamic access to process.env (variable key). (es\index.mjs)
2439
- [LOW] env_access: Dynamic access to process.env (variable key). (native\index.js)
2440
- [LOW] env_access: Dynamic access to process.env (variable key). (umd\index.js)
2441
- [LOW] env_access: Dynamic access to process.env (variable key). (umd\index.min.js)
2442
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (cjs\index.js)
2443
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (es\index.js)
2444
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (es\index.mjs)
2445
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (native\index.js)
2446
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (umd\index.js)
2447
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (umd\index.min.js)
2448
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cjs\index.js)
2449
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: cjs\index.js → es\index.js) (es\index.js)
2450
- @apollo/server: score 36
2451
- [MEDIUM] env_access: Destructured access to sensitive env var: const { APOLLO_KEY } = process.env. (dist\cjs\determineApolloConfig.js)
2452
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\cjs\plugin\usageReporting\plugin.js)
2453
- [MEDIUM] env_access: Destructured access to sensitive env var: const { APOLLO_KEY } = process.env. (dist\esm\determineApolloConfig.js)
2454
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\esm\plugin\usageReporting\plugin.js)
2455
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.hostname, os.platform, os.type, os.release, os.arch) + network send (get, get, get, get, get, get, get, get) (dist\esm\plugin\usageReporting\plugin.js)
2456
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\cjs\determineApolloConfig.js → dist\esm\plugin\usageReporting\plugin.js) (dist\esm\plugin\usageReporting\plugin.js)
2457
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\esm\plugin\usageReporting\plugin.js)
2458
- @apollo/client: score 47
2459
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (link\batch-http\BaseBatchHttpLink.js)
2460
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (link\http\BaseHttpLink.js)
2461
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (react\hooks\useSuspenseQuery.js)
2462
- [HIGH] dangerous_call_eval: Dynamic global dispatch via computed property (global[ApolloErrorMessageHandler]) — likely indirect eval evasion. (utilities\invariant\index.js)
2463
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (__cjs\link\batch-http\BaseBatchHttpLink.cjs)
2464
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (__cjs\link\http\BaseHttpLink.cjs)
2465
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (__cjs\react\hooks\useSuspenseQuery.cjs)
2466
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: link\batch-http\BaseBatchHttpLink.js → core/ObservableQuery.js) (core/ObservableQuery.js)
2467
- jimp: score 80
2468
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\browser\index.js)
2469
- [LOW] dangerous_call_function: Indirect Function via alias "a" — eval wrapper evasion. (dist\browser\index.js)
2470
- [LOW] dangerous_call_eval: eval() with dangerous API in string literal: "require" (dist\browser\index.js)
2471
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\browser\index.js)
2472
- [MEDIUM] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\browser\index.js)
2473
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\browser\index.js)
2474
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\browser\index.js)
2475
- [HIGH] staged_payload: Network fetch + eval() in same file (staged payload execution). (dist\browser\index.js)
2476
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\browser\index.js)
2477
- svgo: score 68
2478
- [LOW] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (dist\svgo-node.cjs)
2479
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\svgo.browser.js)
2480
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\svgo.browser.js)
2481
- [MEDIUM] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\svgo.browser.js)
2482
- [HIGH] dynamic_import: Dynamic import() with computed argument (possible obfuscation). (lib\svgo-node.js)
2483
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (dist\svgo.browser.js)
2484
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\svgo.browser.js)
2485
- clean-css: score 49
2486
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\clean.js)
2487
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\reader\apply-source-maps.js)
2488
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\reader\read-sources.js)
2489
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\clean.js → lib/reader/apply-source-maps.js) (lib/reader/apply-source-maps.js)
2490
- js-beautify: score 23
2491
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (js\lib\beautifier.js)
2492
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (js\lib\beautify.js)
2493
- [LOW] dangerous_call_eval: Indirect eval via alias "__eval" — eval wrapper evasion. (js\lib\unpackers\myobfuscate_unpacker.js)
2494
- [LOW] dangerous_call_eval: Indirect eval via alias "__eval" — eval wrapper evasion. (js\lib\unpackers\p_a_c_k_e_r_unpacker.js)
2495
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (js\lib\unpackers\urlencode_unpacker.js)
2496
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (js\src\javascript\tokenizer.js)
2497
- [LOW] dangerous_call_eval: Indirect eval via alias "__eval" — eval wrapper evasion. (js\src\unpackers\myobfuscate_unpacker.js)
2498
- [LOW] dangerous_call_eval: Indirect eval via alias "__eval" — eval wrapper evasion. (js\src\unpackers\p_a_c_k_e_r_unpacker.js)
2499
- [LOW] dynamic_require: Dynamic require() with string concatenation (module name obfuscation). (js\src\unpackers\urlencode_unpacker.js)
2500
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (js\lib\beautifier.js)
2501
- [LOW] obfuscation_detected: Code obfusque (score: 70). Signaux: hex_escapes, unicode_escapes, string_array (js\lib\beautify.js)
2502
- mathjs: score 46
2503
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\browser\math.js)
2504
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\browser\math.js)
2505
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\cjs\expression\node\AccessorNode.js)
2506
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\cjs\expression\node\AccessorNode.js)
2507
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\cjs\expression\node\AssignmentNode.js)
2508
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\cjs\expression\node\AssignmentNode.js)
2509
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\cjs\expression\node\BlockNode.js)
2510
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\cjs\expression\node\BlockNode.js)
2511
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\cjs\expression\node\ConditionalNode.js)
2512
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\cjs\expression\node\ConditionalNode.js)
2513
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\cjs\expression\node\FunctionNode.js)
2514
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\cjs\expression\node\FunctionNode.js)
2515
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\cjs\expression\node\ParenthesisNode.js)
2516
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\cjs\expression\node\ParenthesisNode.js)
2517
- [HIGH] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\cjs\expression\node\RangeNode.js)
2518
- [HIGH] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\cjs\expression\node\RangeNode.js)
2519
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\esm\expression\node\AccessorNode.js)
2520
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\esm\expression\node\AccessorNode.js)
2521
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\esm\expression\node\AssignmentNode.js)
2522
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\esm\expression\node\AssignmentNode.js)
2523
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\esm\expression\node\BlockNode.js)
2524
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\esm\expression\node\BlockNode.js)
2525
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\esm\expression\node\ConditionalNode.js)
2526
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\esm\expression\node\ConditionalNode.js)
2527
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\esm\expression\node\FunctionNode.js)
2528
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\esm\expression\node\FunctionNode.js)
2529
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\esm\expression\node\ParenthesisNode.js)
2530
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\esm\expression\node\ParenthesisNode.js)
2531
- [LOW] module_compile: module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern). (lib\esm\expression\node\RangeNode.js)
2532
- [LOW] module_compile_dynamic: In-memory code execution via Module._compile(). Common malware evasion technique. (lib\esm\expression\node\RangeNode.js)
2533
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: long_single_lines, unicode_escapes (lib\browser\math.js)
2534
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (lib\esm\expression\parse.js)
2535
- d3: score 42
2536
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\d3.js)
2537
- [LOW] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\d3.js)
2538
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\d3.js)
2539
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\d3.min.js)
2540
- [HIGH] remote_code_load: Remote code loading: network fetch + dynamic eval/Function in same file — multi-stage payload execution. (dist\d3.min.js)
2541
- [LOW] possible_obfuscation: File difficult to parse, possibly obfuscated. (dist\d3.min.js)
2542
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\d3.js)
2543
- dotenv: score 100
2544
- [HIGH] env_access: Access to sensitive variable process.env.DOTENV_CONFIG_DOTENV_KEY. (lib\env-options.js)
2545
- [HIGH] env_access: Access to sensitive variable process.env.DOTENV_KEY. (lib\main.js)
2546
- [HIGH] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (lib\main.js)
2547
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (DOTENV_KEY, DOTENV_KEY, DOTENV_KEY, os.homedir, process.env[dynamic], process.env[dynamic]) + network send (get) (lib\main.js)
2548
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\env-options.js → lib\main.js) (lib\main.js)
2549
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\main.js)
2550
- kue: score 45
2551
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (lib\http\public\javascripts\jquery.min.js)
2552
- [HIGH] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (lib\queue\job.js)
2553
- [CRITICAL] staged_payload: Network fetch + eval() in same file (staged payload execution). (lib\queue\job.js)
2554
- [HIGH] typosquat_detected: Package "reds" resembles "redux" (missing_char). Age: 5337d, Downloads: 31822/week, Author packages: 516, No README: false, No repo: false. Confidence: LOW (package.json)
2555
- nodemailer: score 86
2556
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\errors.js)
2557
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\mailer\index.js)
2558
- [HIGH] env_access: Access to sensitive variable process.env.ETHEREAL_API_KEY. (lib\nodemailer.js)
2559
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\smtp-connection\index.js)
2560
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\xoauth2\index.js)
2561
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey) + network send (get) (lib\dkim\sign.js)
2562
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (ETHEREAL_API_KEY) + network send (get) (lib\nodemailer.js)
2563
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.networkInterfaces) + network send (get, dns.lookup, get) (lib\shared\index.js)
2564
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (os.hostname) + network send (get, tls.connect, socket.connect) (lib\smtp-connection\index.js)
2565
- [MEDIUM] high_entropy_string: High entropy string (5.88 bits, 134 chars) — possible base64/hex/encrypted payload (lib\qp\index.js)
2566
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\errors.js → lib\dkim\sign.js) (lib\dkim\sign.js)
2567
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\nodemailer.js)
2568
- mailgun.js: score 100
2569
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (AMD\mailgun.amd.js)
2570
- [MEDIUM] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (CJS\mailgun.node.cjs)
2571
- [HIGH] dangerous_call_function: Indirect Function via alias "v" — eval wrapper evasion. (CJS\mailgun.node.cjs)
2572
- [HIGH] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (CJS\mailgun.node.cjs)
2573
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (CJS\mailgun.node.cjs)
2574
- [HIGH] env_harvesting_dynamic: Dynamic environment variable harvesting with sensitive pattern matching. Credential theft technique. (CJS\mailgun.node.cjs)
2575
- [HIGH] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (CJS\mailgun.node.cjs)
2576
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (CJS\mailgun.node.cjs)
2577
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (ESM\mailgun.browser.js)
2578
- [MEDIUM] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (ESM\mailgun.node.js)
2579
- [HIGH] dangerous_call_function: Indirect Function via alias "x" — eval wrapper evasion. (ESM\mailgun.node.js)
2580
- [HIGH] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (ESM\mailgun.node.js)
2581
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (ESM\mailgun.node.js)
2582
- [HIGH] env_harvesting_dynamic: Dynamic environment variable harvesting with sensitive pattern matching. Credential theft technique. (ESM\mailgun.node.js)
2583
- [HIGH] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (ESM\mailgun.node.js)
2584
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (ESM\mailgun.node.js)
2585
- [LOW] prototype_hook: Request.prototype.request overridden — native API hooking for traffic interception. (Types\index.js)
2586
- [LOW] prototype_hook: Request.prototype.setSubaccountHeader overridden — native API hooking for traffic interception. (Types\index.js)
2587
- [LOW] prototype_hook: Request.prototype.resetSubaccountHeader overridden — native API hooking for traffic interception. (Types\index.js)
2588
- [LOW] prototype_hook: Request.prototype.query overridden — native API hooking for traffic interception. (Types\index.js)
2589
- [LOW] prototype_hook: Request.prototype.command overridden — native API hooking for traffic interception. (Types\index.js)
2590
- [LOW] prototype_hook: Request.prototype.get overridden — native API hooking for traffic interception. (Types\index.js)
2591
- [LOW] prototype_hook: Request.prototype.post overridden — native API hooking for traffic interception. (Types\index.js)
2592
- [LOW] prototype_hook: Request.prototype.postWithFD overridden — native API hooking for traffic interception. (Types\index.js)
2593
- [LOW] prototype_hook: Request.prototype.putWithFD overridden — native API hooking for traffic interception. (Types\index.js)
2594
- [LOW] prototype_hook: Request.prototype.patchWithFD overridden — native API hooking for traffic interception. (Types\index.js)
2595
- [LOW] prototype_hook: Request.prototype.put overridden — native API hooking for traffic interception. (Types\index.js)
2596
- [LOW] prototype_hook: Request.prototype.delete overridden — native API hooking for traffic interception. (Types\index.js)
2597
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (Types\index.js)
2598
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (http.toString, request, http.request, request, http.toString, http.toString, http.toString, http.toString, get, request, http.request, request, http.request, http.toString, http.toString, request, get, get, get, http.get, get, http.get, request, request, https.hasOwnProperty, get, get, get, post, post, request, request, request, http.toString, get, get, get, get, get, http.get, get, get, get, post, get, post, get, get, get, get, get, get, get, get, get, get, get, post, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, get, get, get, get, get, get, get, get, post, post, get, post, get, get, post, post, post, post, get) (CJS\mailgun.node.cjs)
2599
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (request, request, get, request, request, request, get, get, get, get, request, request, get, get, get, post, post, request, request, request, get, get, get, get, get, get, get, get, post, get, post, get, get, get, get, get, get, get, get, get, get, get, post, get, get, get, get, get, get, get, get, get, get, get, get, get, get, post, get, get, get, get, get, get, get, get, post, post, get, post, get, get, post, post, post, post, get) (ESM\mailgun.node.js)
2600
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (AMD\mailgun.amd.js)
2601
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (CJS\mailgun.node.cjs)
2602
- [MEDIUM] high_entropy_string: High entropy string (6.00 bits, 64 chars) — possible base64/hex/encrypted payload (ESM\mailgun.browser.js)
2603
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: AMD\mailgun.amd.js → CJS\mailgun.node.cjs) (CJS\mailgun.node.cjs)
2604
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → exec_sink (CJS\mailgun.node.cjs)
2605
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (CJS\mailgun.node.cjs)
2606
- aws-sdk: score 82
2607
- [MEDIUM] lifecycle_script: Script "postinstall" detected. Common attack vector. (package.json)
2608
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\aws-sdk-core-react-native.js)
2609
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\aws-sdk-core-react-native.js)
2610
- [LOW] dangerous_call_function: Indirect Function via alias "$Function" — eval wrapper evasion. (dist\aws-sdk-core-react-native.js)
2611
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\aws-sdk-core-react-native.js)
2612
- [LOW] staged_binary_payload: Binary file reference (.png/.jpg/.wasm/etc.) + eval() in same file — possible steganographic payload execution. (dist\aws-sdk-core-react-native.js)
2613
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\aws-sdk-core-react-native.js)
2614
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (dist\aws-sdk.js)
2615
- [LOW] env_access: Dynamic access to process.env (variable key). (dist\aws-sdk.js)
2616
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\aws-sdk.js)
2617
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\aws-sdk.min.js)
2618
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\xml2js.js)
2619
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\config_regional_endpoint.js)
2620
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\credentials\chainable_temporary_credentials.js)
2621
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\credentials\environment_credentials.js)
2622
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\credentials\remote_credentials.js)
2623
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\credentials\temporary_credentials.js)
2624
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\credentials\token_file_web_identity_credentials.js)
2625
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\discover_endpoint.js)
2626
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\event_listeners.js)
2627
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\http\node.js)
2628
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\metadata_service.js)
2629
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\metadata_service.js)
2630
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\node_loader.js)
2631
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\publisher\configuration.js)
2632
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\service.js)
2633
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\services\s3util.js)
2634
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\util.js)
2635
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (AWS_EXECUTION_ENV, AWS_EXECUTION_ENV, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], AWS_PROFILE, AWS_EXECUTION_ENV, AWS_EXECUTION_ENV, AWS_SDK_JS_SUPPRESS_MAINTENANCE_MODE_MESSAGE) + network send (get, get, get, get, get, get, get) (dist\aws-sdk-core-react-native.js)
2636
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey, privateKey, privateKey, process.env[dynamic], process.env[dynamic], AWS_PROFILE, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], AWS_PROFILE, process.env[dynamic], process.env[dynamic], AWS_EXECUTION_ENV, AWS_EXECUTION_ENV, AWS_SDK_JS_SUPPRESS_MAINTENANCE_MODE_MESSAGE, process.env[dynamic], process.env[dynamic], process.env[dynamic], AWS_PROFILE, AWS_EXECUTION_ENV, AWS_EXECUTION_ENV, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get) (dist\aws-sdk.js)
2637
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey, privateKey, privateKey) + network send (get, get, get, get, get, get, get) (dist\aws-sdk.min.js)
2638
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get) (lib\credentials\environment_credentials.js)
2639
- [LOW] suspicious_dataflow: Suspicious flow: command output (AWS_PROFILE, child_process.exec) + network send (get) (lib\credentials\process_credentials.js)
2640
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (request) (lib\credentials\remote_credentials.js)
2641
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (AWS_PROFILE) + network send (get) (lib\credentials\shared_ini_file_credentials.js)
2642
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (AWS_PROFILE, readFileSync) + network send (get, get) (lib\credentials\sso_credentials.js)
2643
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], AWS_PROFILE) + network send (get, get) (lib\discover_endpoint.js)
2644
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (request, http.request) (lib\http\node.js)
2645
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (AWS_PROFILE, process.env[dynamic], AWS_EC2_METADATA_DISABLED, AWS_EC2_METADATA_V1_DISABLED, AWS_EC2_METADATA_V1_DISABLED) + network send (request, request, request) (lib\metadata_service.js)
2646
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (AWS_PROFILE, readFileSync) + network send (get) (lib\token\sso_token_provider.js)
2647
- [CRITICAL] credential_tampering: Cache poisoning: sensitive data access (AWS_PROFILE, readFileSync) + write to sensitive path (writeFileSync) (lib\token\sso_token_provider.js)
2648
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (AWS_EXECUTION_ENV, AWS_EXECUTION_ENV, process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get) (lib\util.js)
2649
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\aws-sdk-core-react-native.js)
2650
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\aws-sdk-core-react-native.js)
2651
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\aws-sdk-core-react-native.js → dist\aws-sdk.js) (dist\aws-sdk.js)
2652
- [HIGH] intent_credential_exfil: Intent coherence: credential_read → file_tamper (lib\token\sso_token_provider.js)
2653
- ses: score 47
2654
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2655
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\lockdown.cjs)
2656
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\lockdown.cjs)
2657
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\lockdown.cjs)
2658
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\lockdown.cjs)
2659
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\lockdown.cjs)
2660
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\lockdown.mjs)
2661
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\lockdown.mjs)
2662
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\lockdown.mjs)
2663
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\lockdown.mjs)
2664
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\lockdown.mjs)
2665
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\lockdown.umd.js)
2666
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\lockdown.umd.js)
2667
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\lockdown.umd.js)
2668
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\lockdown.umd.js)
2669
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\lockdown.umd.js)
2670
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\lockdown.umd.min.js)
2671
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\lockdown.umd.min.js)
2672
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\lockdown.umd.min.js)
2673
- [LOW] possible_obfuscation: File difficult to parse, possibly obfuscated. (dist\lockdown.umd.min.js)
2674
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\ses-hermes.cjs)
2675
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\ses-hermes.cjs)
2676
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\ses-hermes.cjs)
2677
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\ses-hermes.cjs)
2678
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\ses-hermes.cjs)
2679
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\ses.cjs)
2680
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\ses.cjs)
2681
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\ses.cjs)
2682
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\ses.cjs)
2683
- [MEDIUM] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\ses.cjs)
2684
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\ses.mjs)
2685
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\ses.mjs)
2686
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\ses.mjs)
2687
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\ses.mjs)
2688
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\ses.mjs)
2689
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\ses.umd.js)
2690
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\ses.umd.js)
2691
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\ses.umd.js)
2692
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\ses.umd.js)
2693
- [LOW] proxy_data_intercept: Proxy trap (set/get/apply) with network call in same file — data interception and exfiltration via Proxy handler. (dist\ses.umd.js)
2694
- [LOW] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (dist\ses.umd.min.js)
2695
- [LOW] dangerous_call_function: Indirect Function via alias "FERAL_FUNCTION" — eval wrapper evasion. (dist\ses.umd.min.js)
2696
- [LOW] dangerous_call_eval: Indirect eval via alias "FERAL_EVAL" — eval wrapper evasion. (dist\ses.umd.min.js)
2697
- [LOW] possible_obfuscation: File difficult to parse, possibly obfuscated. (dist\ses.umd.min.js)
2698
- [HIGH] dangerous_call_eval: Indirect eval via sequence expression ((0, eval)) — evasion technique. (src\tame-function-constructors.js)
2699
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\lockdown.cjs)
2700
- pdf-lib: score 36
2701
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\pdf-lib.esm.js)
2702
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\pdf-lib.js)
2703
- [HIGH] typosquat_detected: Package "tslint" resembles "tslib" (extra_char). Age: 4606d, Downloads: 2265158/week, Author packages: 153, No README: false, No repo: false. Confidence: LOW (package.json)
2704
- [HIGH] typosquat_detected: Package "ttypescript" resembles "typescript" (extra_char). Age: 3185d, Downloads: 148631/week, Author packages: 56, No README: false, No repo: false. Confidence: LOW (package.json)
2705
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\pdf-lib.esm.js → cjs/api/PDFDocument.d.ts) (cjs/api/PDFDocument.d.ts)
2706
- jspdf: score 85
2707
- [LOW] prototype_hook: XMLHttpRequest.prototype.send overridden — native API hooking for traffic interception. (dist\polyfills.es.js)
2708
- [LOW] prototype_hook: XMLHttpRequest.prototype.send overridden — native API hooking for traffic interception. (dist\polyfills.umd.js)
2709
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: hex_escapes, unicode_escapes, string_array, base64_eval (dist\jspdf.es.js)
2710
- [LOW] obfuscation_detected: Code obfusque (score: 75). Signaux: hex_escapes, unicode_escapes, base64_eval (dist\jspdf.node.js)
2711
- [LOW] obfuscation_detected: Code obfusque (score: 100). Signaux: hex_escapes, unicode_escapes, string_array, base64_eval (dist\jspdf.umd.js)
2712
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFileSync, fs.readFileSync, readFile, fs.readFile, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.toString) + network send (fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.toString) (dist\jspdf.node.min.js)
2713
- [HIGH] credential_tampering: Cache poisoning: sensitive data access (fs.toString, fs.toString, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, readFileSync, fs.readFileSync, readFile, fs.readFile, fs.hasOwnProperty, fs.hasOwnProperty, fs.hasOwnProperty, fs.toString) + write to sensitive path (writeFile, fs.writeFile, writeFileSync, fs.writeFileSync) (dist\jspdf.node.min.js)
2714
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\jspdf.node.min.js)
2715
- [HIGH] intent_credential_exfil: Intent coherence: credential_read → file_tamper (dist\jspdf.node.min.js)
2716
- exceljs: score 37
2717
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\exceljs.bare.js)
2718
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\exceljs.bare.js)
2719
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\exceljs.bare.js)
2720
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\exceljs.bare.min.js)
2721
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\exceljs.bare.min.js)
2722
- [LOW] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\exceljs.js)
2723
- [LOW] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (dist\exceljs.js)
2724
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\exceljs.js)
2725
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\exceljs.js)
2726
- [MEDIUM] crypto_decipher: createDecipheriv() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern). (dist\exceljs.min.js)
2727
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (dist\exceljs.min.js)
2728
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (dist\exceljs.bare.js)
2729
- [LOW] obfuscation_detected: Code obfusque (score: 45). Signaux: unicode_escapes, string_array (dist\exceljs.js)
2730
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\exceljs.bare.js)
2731
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\exceljs.bare.min.js)
2732
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\exceljs.js)
2733
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (privateKey, privateKey, privateKey) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get) (dist\exceljs.min.js)
2734
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (dist\exceljs.bare.js)
2735
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (dist\exceljs.bare.js)
2736
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\exceljs.bare.js → dist\exceljs.bare.min.js) (dist\exceljs.bare.min.js)
2737
- bluebird: score 85
2738
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (js\browser\bluebird.core.js)
2739
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (js\browser\bluebird.core.js)
2740
- [LOW] env_access: Dynamic access to process.env (variable key). (js\browser\bluebird.core.js)
2741
- [LOW] env_access: Dynamic access to process.env (variable key). (js\browser\bluebird.core.min.js)
2742
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (js\browser\bluebird.js)
2743
- [HIGH] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (js\browser\bluebird.js)
2744
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (js\browser\bluebird.js)
2745
- [LOW] env_access: Dynamic access to process.env (variable key). (js\browser\bluebird.min.js)
2746
- [LOW] dangerous_call_function: Function.apply() — indirect execution via call/apply evasion technique. (js\release\assert.js)
2747
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (js\release\call_get.js)
2748
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (js\release\join.js)
2749
- [LOW] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (js\release\promisify.js)
2750
- [HIGH] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (js\release\util.js)
2751
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (js\release\util.js)
2752
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (eval) (js\browser\bluebird.core.js)
2753
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (eval) (js\browser\bluebird.js)
2754
- [HIGH] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (eval) (js\release\util.js)
2755
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (js\browser\bluebird.core.js)
2756
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (js\browser\bluebird.core.js)
2757
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: js\browser\bluebird.core.js → js\browser\bluebird.js) (js\browser\bluebird.js)
2758
- rxjs: score 36
2759
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (dist\bundles\rxjs.umd.js)
2760
- [HIGH] typosquat_detected: Package "color" resembles "colors" (missing_char). Age: 5372d, Downloads: 38822952/week, Author packages: 79, No README: false, No repo: false. Confidence: LOW (package.json)
2761
- [HIGH] typosquat_detected: Package "tslint" resembles "tslib" (extra_char). Age: 4606d, Downloads: 2265158/week, Author packages: 153, No README: false, No repo: false. Confidence: LOW (package.json)
2762
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: dist\bundles\rxjs.umd.js → src/internal/observable/dom/fetch.ts) (src/internal/observable/dom/fetch.ts)
2763
- puppeteer-core: score 90
2764
- [MEDIUM] lifecycle_script: Script "prepack" detected. Common attack vector. (package.json)
2765
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\cjs\puppeteer\bidi\Connection.js)
2766
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\cjs\puppeteer\node\BrowserLauncher.js)
2767
- [MEDIUM] env_access: Dynamic access to process.env (variable key). (lib\cjs\puppeteer\node\ChromeLauncher.js)
2768
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (lib\cjs\puppeteer\util\Function.js)
2769
- [LOW] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\es5-iife\puppeteer-core-browser.js)
2770
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\esm\puppeteer\bidi\Connection.js)
2771
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\esm\puppeteer\node\BrowserLauncher.js)
2772
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\esm\puppeteer\node\ChromeLauncher.js)
2773
- [MEDIUM] dangerous_call_function: new Function() with dynamic expression (template/factory pattern). (lib\esm\puppeteer\util\Function.js)
2774
- [CRITICAL] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get) (lib\cjs\puppeteer\bidi\Connection.js)
2775
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic]) + network send (get) (lib\esm\puppeteer\bidi\Connection.js)
2776
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\cjs\puppeteer\bidi\Connection.js)
2777
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\cjs\puppeteer\bidi\Connection.js → lib\esm\puppeteer\bidi\Connection.js) (lib\esm\puppeteer\bidi\Connection.js)
2778
- jsdom: score 72
2779
- [MEDIUM] lifecycle_script: Script "prepare" detected. Common attack vector. (package.json)
2780
- [LOW] dangerous_call_eval: eval() with constant string literal (low risk, globalThis polyfill pattern). (lib\generated\idl\utils.js)
2781
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\jsdom\browser\resources\jsdom-dispatcher.js)
2782
- [MEDIUM] dangerous_call_function: Function() with dynamic expression (template/factory pattern). (lib\jsdom\living\helpers\create-event-accessor.js)
2783
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\jsdom\living\nodes\HTMLLinkElement-impl.js)
2784
- [HIGH] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (lib\jsdom\living\window\navigation.js)
2785
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\jsdom\living\xhr\xhr-utils.js)
2786
- [HIGH] credential_regex_harvest: Credential regex patterns (token/password/secret/Bearer) + network call in same file — stream data credential harvesting. (lib\jsdom\living\xhr\XMLHttpRequest-impl.js)
2787
- [CRITICAL] intent_credential_exfil: Intent coherence: credential_read → network_external (cross-file: lib\jsdom\browser\resources\jsdom-dispatcher.js → lib/jsdom/browser/resources/jsdom-dispatcher.js) (lib/jsdom/browser/resources/jsdom-dispatcher.js)
2788
- xml2js: score 38
2789
- [LOW] env_charcode_reconstruction: process.env accessed with dynamically reconstructed key (String.fromCharCode obfuscation). (lib\xml2js.bc.js)
2790
- [LOW] env_access: Dynamic access to process.env (variable key). (lib\xml2js.bc.js)
2791
- [LOW] dynamic_require: Object property indirection: fs = require('fs') — hiding dangerous module in object property. (lib\xml2js.bc.js)
2792
- [LOW] dangerous_call_eval: Dangerous call "eval" with dynamic expression detected. (lib\xml2js.bc.js)
2793
- [LOW] staged_payload: Network fetch + eval() in same file (staged payload execution). (lib\xml2js.bc.js)
2794
- [LOW] suspicious_dataflow: Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic]) + network send (get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, eval, get, get, get, get, get, get, get, get, get, get, get, eval, eval, eval, get, get, get, get, get, get, get) (lib\xml2js.bc.js)
2795
- [LOW] intent_credential_exfil: Intent coherence: credential_read → exec_sink (lib\xml2js.bc.js)
2796
- [LOW] intent_credential_exfil: Intent coherence: credential_read → network_external (lib\xml2js.bc.js)
2797
-
2798
- Saved: metrics\v2.5.17.json
2799
-
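Review bot: the jsdom entry near the end of this deleted log (old line 2787) records a CRITICAL cross-file intent_credential_exfil finding whose source and sink are the same file, lib\jsdom\browser\resources\jsdom-dispatcher.js → lib/jsdom/browser/resources/jsdom-dispatcher.js, differing only in path separator. That suggests the cross-file pairing compares paths without normalizing them. The pdf-lib and rxjs cross-file entries mix separators in the same way. Since this output is being removed, capture the jsdom case in a regression test or issue first, and normalize paths before pairing source and sink files. Separately, typosquat_detected is emitted as HIGH for tslint, ttypescript and color while the same lines state Confidence: LOW, ages above 3000 days and six to eight digit weekly downloads; severity should follow the stated confidence so that long-established packages do not raise the benign score.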