registry  /  @1sc-hq/1sc  /  0.1.2

@1sc-hq/1sc@0.1.2

Static Scan Results

scanned 14h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 8 file(s), 34.3 KB of source, external domains: www.1sc.dev

Source & flagged code

3 flagged · loading source
src/config.mjsView file
1import { execFile } from "node:child_process"; L2: import { chmod, mkdir, readFile, rm, writeFile } from "node:fs/promises"; ... L10: L11: function configHome(env = process.env) { L12: return env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config"); L13: } ... L30: L31: async function writeFilePrivate(filePath, value) { L32: await mkdir(path.dirname(filePath), { recursive: true, mode: 0o700 }); ... L38: try { L39: const parsed = JSON.parse(await readFile(configPath(env), "utf8")); L40: return {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/config.mjsView on unpkg · L1
matchType = previous_version_dangerous_delta matchedPackage = @1sc-hq/1sc@0.1.1 matchedIdentity = npm:QDFzYy1ocS8xc2M:0.1.1 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/config.mjsView on unpkg
path = 1sc kind = native_binary sizeBytes = 10552514 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

1scView on unpkg

Findings

2 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitysrc/config.mjs
HighPrevious Version Dangerous Deltasrc/config.mjs
MediumEnvironment Vars
MediumShips Native Binary1sc
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License