lazychat-erpnext
soumyasethy/lazychat-erpnextHigh risk — review the findings below
We found multiple concerning patterns in this package. Some of these might be legitimate (for example, a build tool might need to run commands), but you should review each finding below and decide if the explanations make sense for what this package claims to do.
What We Found(85 issues)
Each card explains what was found and what it means in plain English. Click "Technical details" for the full breakdown.
Caution. This package can turn any text into running code. A bad actor could trick it into running harmful commands on your computer. Legitimate tools almost never need this.
Technical details
eval() executes arbitrary strings as code. In an MCP context, this could allow prompt injection to escalate into code execution.
eval(Caution. This package can turn any text into running code. A bad actor could trick it into running harmful commands on your computer. Legitimate tools almost never need this.
Technical details
eval() executes arbitrary strings as code. In an MCP context, this could allow prompt injection to escalate into code execution.
eval(Caution. This package can turn any text into running code. A bad actor could trick it into running harmful commands on your computer. Legitimate tools almost never need this.
Technical details
eval() executes arbitrary strings as code. In an MCP context, this could allow prompt injection to escalate into code execution.
eval(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
spawn(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"KwAAAAAAAAAACA4AUD0AADAgAAACAAAAAAAIABAAGABAAEgAUABYAGAAaABgAGgAYgBqAF8AZwBgAGgAcQB5AHUAfQCFAI0AlQCdAKIAqgCyALoAYABoAGAAaABgAGgAwgDKAGAAaADGAM4A0wDbAOEA6QDxAPkAAQEJAQ8BFwF1AH0AHAEkASwBNAE6AUIBQQFJAVE…Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"AAAAAAAAAAAAEA4AGBkAAFAaAAACAAAAAAAIABAAGAAwADgACAAQAAgAEAAIABAACAAQAAgAEAAIABAACAAQAAgAEAAIABAAQABIAEQATAAIABAACAAQAAgAEAAIABAAVABcAAgAEAAIABAACAAQAGAAaABwAHgAgACIAI4AlgAIABAAmwCjAKgAsAC2AL4AvQDFAMo…Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"T1RUTwALAIAAAwAwQ0ZGIDHtZg4AAAOYAAAAgUZGVE1lkzZwAAAEHAAAABxHREVGABQAFQAABDgAAAAeT1MvMlYNYwkAAAEgAAAAYGNtYXABDQLUAAACNAAAAUJoZWFk/xVFDQAAALwAAAA2aGhlYQdkA+oAAAD0AAAAJGhtdHgD6AAAAAAEWAAAAAZtYXhwAAJQAAA…Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"440154470e61481a6c482575472f7d443a834144873d4e8a39568c35608d31688e2d708e2a788e27818e23888e21918d1f988b1fa08822a8842ab07f35b77943bf7154c56866cc5d7ad1518fd744a5db36bcdf27d2e21be9e51afde725"Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"0000040404130b0924150e3720114b2c11603b0f704a107957157e651a80721f817f24828c29819a2e80a8327db6377ac43c75d1426fde4968e95462f1605df76f5cfa7f5efc8f65fe9f6dfeaf78febf84fece91fddea0fcedaffcfdbf"Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"0000040403130c0826170c3b240c4f330a5f420a68500d6c5d126e6b176e781c6d86216b932667a12b62ae305cbb3755c73e4cd24644dd513ae65c30ed6925f3771af8850ffb9506fca50afcb519fac62df6d645f2e661f3f484fcffa4"Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"0d088723069033059742039d5002a25d01a66a00a87801a88405a7900da49c179ea72198b12a90ba3488c33d80cb4779d35171da5a69e16462e76e5bed7953f2834cf68f44fa9a3dfca636fdb32ffec029fcce25f9dc24f5ea27f0f921"Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"00205100235800265d002961012b65042e670831690d346b11366c16396d1c3c6e213f6e26426e2c456e31476e374a6e3c4d6e42506e47536d4c566d51586e555b6e5a5e6e5e616e62646f66676f6a6a706e6d717270717573727976737c79747f7c758…Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"6e40aa883eb1a43db3bf3cafd83fa4ee4395fe4b83ff576eff6659ff7847ff8c38f3a130e2b72fcfcc36bee044aff05b8ff4576ff65b52f6673af27828ea8d1ddfa319d0b81cbecb23abd82f96e03d82e14c6edb5a5dd0664dbf6e40aa"Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"ff4040fc582af47218e78d0bd5a703bfbf00a7d5038de70b72f41858fc2a40ff402afc5818f4720be78d03d5a700bfbf03a7d50b8de71872f42a58fc4040ff582afc7218f48d0be7a703d5bf00bfd503a7e70b8df41872fc2a58ff4040"Suspicious. This package contains hidden encoded text — like a secret message that gets decoded when the code runs. Legitimate packages don't usually hide their code this way. It could be a disguised payload.
Technical details
Long Base64-encoded strings (>128 chars) may contain obfuscated payloads. Legitimate code rarely embeds large encoded blobs inline.
"23171b32204a3e2a71453493493eae4b49c54a53d7485ee44569ee4074f53c7ff8378af93295f72e9ff42ba9ef28b3e926bce125c5d925cdcf27d5c629dcbc2de3b232e9a738ee9d3ff39347f68950f9805afc7765fd6e70fe667cfd5e88fc5795fb51a…Suspicious. This package loads code from an unknown location decided at runtime. We can't tell what it will actually run because it depends on a variable. This makes it harder to verify the package is safe.
Technical details
Dynamic require/import with variable arguments loads code determined at runtime. This can be used to load payloads that static analysis can't detect.
import(tFinding Summary
0
Critical
73
High
12
Medium
0
Low
0
Info