registry  /  @1sc-hq/cli  /  0.1.1

@1sc-hq/cli@0.1.1

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 8 file(s), 29.1 KB of source, external domains: www.1sc.dev

Source & flagged code

2 flagged · loading source
src/config.mjsView file
1import { execFile } from "node:child_process"; L2: import { chmod, mkdir, readFile, rm, writeFile } from "node:fs/promises"; ... L10: L11: function configHome(env = process.env) { L12: return env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config"); L13: } ... L30: L31: async function writeFilePrivate(filePath, value) { L32: await mkdir(path.dirname(filePath), { recursive: true, mode: 0o700 }); ... L38: try { L39: const parsed = JSON.parse(await readFile(configPath(env), "utf8")); L40: return {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/config.mjsView on unpkg · L1
path = 1sc kind = native_binary sizeBytes = 10535746 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

1scView on unpkg

Findings

1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitysrc/config.mjs
MediumEnvironment Vars
MediumShips Native Binary1sc
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License