registry  /  @aeye/ginny  /  0.3.9

@aeye/ginny@0.3.9

Ginny — CLI that turns natural-language requests into executable gin programs

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 0 file(s), 256 KB of source, external domains: github.com
Oversized source lightweight scan
dist/index.js23.8 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsHighEntropyStringsUrlStringsgithub.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = echo ' Ginny installed! Run "ginny" in any project directory to start. On first run, a config.json template will be created — populate it with your provider API keys. '
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.jsView file
path = dist/index.js kind = oversized_source_file sizeBytes = 24990179 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index.jsView on unpkg
path = dist/index.js kind = oversized_cli_entrypoint sizeBytes = 24990179 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/index.jsView on unpkg

Findings

2 High4 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
HighOversized Source Filedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License