js-beautify-ejsx @1.6.12
jsbeautifier.org for node
Dependencies (4)
| Package | Constraint | Registry Status |
|---|---|---|
| nopt | ~3.0.1 | auto_approved |
| mkdirp | ~0.5.0 | auto_approved |
| config-chain | ~1.1.5 | auto_approved |
| editorconfig | ^0.13.2 | auto_approved |
Dev Dependencies (5)
| Package | Constraint | Registry Status |
|---|---|---|
| jshint | ~2.9.1 | auto_approved |
| mustache | ~2.2.1 | auto_approved |
| benchmark | 2.1.0 | auto_approved |
| requirejs | 2.1.x | rejected |
| node-static | ~0.7.1 | rejected |
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| bogus-package | bogus-package | reject | AI | AI (bogus-package): Inflated semver on first publish and link-dump README are stable indicators of spam/impersonation for this package; generalizes to all versions. |
SAST Findings (5)
JavaScript packer pattern (eval(function(p,a,c,k,e,...))) detected
Source: https://github.com/beautify-web/js-beautify/blob/9f2aa0445667b13b474ab973c464b74fc566e795/js/lib/unpackers/p_a_c_k_e_r_unpacker.js#L59

```
  57 | var t = sanity_test || new SanityTest();
  58 |
> 59 | var pk1 = "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e)
  60 | var unpk1 = 'var a=1';
  61 | var pk2 = "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e)
```

JavaScript packer pattern (eval(function(p,a,c,k,e,...))) detected
Source: https://github.com/beautify-web/js-beautify/blob/9f2aa0445667b13b474ab973c464b74fc566e795/js/lib/unpackers/p_a_c_k_e_r_unpacker.js#L61

```
  59 | var pk1 = "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e)
  60 | var unpk1 = 'var a=1';
> 61 | var pk2 = "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e)
  62 | var unpk2 = 'foo b=1';
  63 | var pk_broken = "eval(function(p,a,c,k,e,r){BORKBORK;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[funct
```

JavaScript packer pattern (eval(function(p,a,c,k,e,...))) detected
Source: https://github.com/beautify-web/js-beautify/blob/9f2aa0445667b13b474ab973c464b74fc566e795/js/lib/unpackers/p_a_c_k_e_r_unpacker.js#L63

```
  61 | var pk2 = "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e)
  62 | var unpk2 = 'foo b=1';
> 63 | var pk_broken = "eval(function(p,a,c,k,e,r){BORKBORK;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[funct
  64 | var pk3 = "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e)
  65 | var unpk3 = 'var a=1{}))';
```

JavaScript packer pattern (eval(function(p,a,c,k,e,...))) detected
Source: https://github.com/beautify-web/js-beautify/blob/9f2aa0445667b13b474ab973c464b74fc566e795/js/lib/unpackers/p_a_c_k_e_r_unpacker.js#L64

```
  62 | var unpk2 = 'foo b=1';
  63 | var pk_broken = "eval(function(p,a,c,k,e,r){BORKBORK;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[funct
> 64 | var pk3 = "eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e)
  65 | var unpk3 = 'var a=1{}))';
  66 |
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
Review Summary
Risk score: 100 (capped from 116). Findings: 4 high (+100), 1 medium (+10), 2 low (+6).
Commit: 9f2aa0445667
Published to npm: