Supply-chain threat intelligence
Risk score
92
Indexed incident for prisma-client-python (npm).
Per source details
The package's CLI entry point (ppy generate) reads dist/index.enc, a 346 KB AES-encrypted blob, takes its decryption key from a fixed slice of dist/key.enc (characters 754..799), decrypts the blob with crypto-js AES, writes the plaintext to dist/index-run.js, runs it with child_process.spawn(process.execPath, [tempFile, ...]), and removes the temp file in a finally block.

The encryption provides no functional benefit: code that has to run on the user's machine could be shipped as plain JavaScript, and the key is shipped in the same package as the ciphertext, so the only effect is to hide executable bytes from reviewers and scanners. Decrypt-and-execute of an opaque payload is structurally the same as the eval(atob(blob)) dropper pattern. Even if the decrypted content of the indexed version is benign, the design lets the publisher swap arbitrary code into a future version by replacing index.enc, with no meaningful diff for a reviewer to inspect. The self-deleting temp file (fs.unlinkSync of dist/index-run.js) further frustrates post-hoc forensic inspection, since the plaintext that actually ran is not left on disk.

Additionally, the package name resembles prisma-client-py, the well-known Python ORM, raising name-confusion concerns.
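As an added example (not code from the indexed package and not part of this report's source), the following static heuristic flags the decrypt-then-execute shape described above in a package's JavaScript files. The two sample sources are constructed for this example: one mirrors the flow the report describes, the other is an ordinary CLI that spawns node on a plaintext script. The signal names, weights and thresholds are this example's own choices, not a published rule set.

```javascript
// Added example: heuristic detection of the decrypt-then-execute dropper
// shape. Not the package's code; signal names, weights and thresholds are
// assumptions chosen for illustration.

const SIGNALS = [
  // Reads an opaque *.enc file from disk.
  { id: 'opaque_blob_read', weight: 2, re: /readFileSync\([^)]*\.enc\b/ },
  // Symmetric decryption of that blob (crypto-js AES or node's crypto module).
  { id: 'symmetric_decrypt', weight: 2, re: /\bAES\.decrypt\(|\bcreateDecipheriv\(/ },
  // Writes a file, then spawns node (process.execPath) within a few hundred chars.
  { id: 'write_then_spawn_node', weight: 3,
    re: /writeFileSync\([\s\S]{0,400}?spawn(?:Sync)?\(\s*process\.execPath/ },
  // Deletes the written file in a finally block (anti-forensic cleanup).
  { id: 'self_delete', weight: 1, re: /finally\s*\{[^}]*unlinkSync\(/ },
  // The classic in-memory variant of the same pattern.
  { id: 'eval_decoded_blob', weight: 5, re: /\beval\(\s*atob\(|new Function\(\s*atob\(/ },
];

// Score one source file; returns the matched signal ids so an analyst can triage.
function scanSource(src) {
  const matched = SIGNALS.filter((s) => s.re.test(src));
  const score = matched.reduce((sum, s) => sum + s.weight, 0);
  const verdict = score >= 5 ? 'dropper-shape' : score >= 2 ? 'suspicious' : 'clean';
  return { score, hits: matched.map((s) => s.id), verdict };
}

// Scan an unpacked package (path -> source text) and keep only the files
// that deserve a closer look. Non-JS entries (e.g. the ciphertext itself)
// are skipped; they are found through the code that loads them.
function scanPackage(files) {
  return Object.entries(files)
    .filter(([p]) => /\.[cm]?js$/.test(p))
    .map(([p, src]) => ({ file: p, ...scanSource(src) }))
    .filter((r) => r.verdict !== 'clean');
}

// Constructed sample mirroring the flow described in the report (no payload).
const DROPPER_SAMPLE = `
const fs = require('fs');
const path = require('path');
const { spawn } = require('child_process');
const CryptoJS = require('crypto-js');
const keyBlob = fs.readFileSync(path.join(__dirname, 'key.enc'), 'utf8');
const key = keyBlob.substring(754, 799);
const enc = fs.readFileSync(path.join(__dirname, 'index.enc'), 'utf8');
const plain = CryptoJS.AES.decrypt(enc, key).toString(CryptoJS.enc.Utf8);
const tempFile = path.join(__dirname, 'index-run.js');
try {
  fs.writeFileSync(tempFile, plain);
  spawn(process.execPath, [tempFile, ...process.argv.slice(2)], { stdio: 'inherit' });
} finally {
  fs.unlinkSync(tempFile);
}
`;

// Constructed benign control: a CLI wrapper that runs a plaintext script.
const BENIGN_CLI_SAMPLE = `
const path = require('path');
const { spawnSync } = require('child_process');
const script = path.join(__dirname, 'generate.js');
const r = spawnSync(process.execPath, [script, ...process.argv.slice(2)], { stdio: 'inherit' });
process.exit(r.status === null ? 1 : r.status);
`;

// Constructed package layout; paths are hypothetical.
const SAMPLE_PACKAGE = {
  'package/dist/cli.js': DROPPER_SAMPLE,
  'package/dist/index.enc': '<346 KB of ciphertext, omitted>',
  'package/bin/generate.js': BENIGN_CLI_SAMPLE,
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(scanPackage(SAMPLE_PACKAGE), null, 2));
}
```

Running the block prints one finding, for package/dist/cli.js, with all four file-based signals hit; the benign wrapper scores zero even though it also spawns process.execPath, because nothing is decrypted, written or deleted around the spawn. The eval_decoded_blob signal carries the full threshold on its own so that eval(atob(...)) is reported with the same verdict as the on-disk variant, matching the equivalence the report draws.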
Affected versions
Indicators
Timeline