registry  /  @alienplatform/testing  /  1.13.0

@alienplatform/testing@1.13.0

Testing framework for Alien applications

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 22.4 KB of source, external domains: api.alien.dev

Source & flagged code

2 flagged · loading source
dist/index.jsView file
1import { n as TestingUnsupportedPlatformError, r as withTestingContext, t as TestingOperationFailedError } from "./errors.js"; L2: import { execFile, spawn } from "node:child_process"; L3: import { existsSync, readFileSync, rmSync } from "node:fs"; ... L18: function signalProcessTree$1(proc, signal) { L19: if (proc.pid && process.platform !== "win32") try { L20: process.kill(-proc.pid, signal); ... L86: const stackPath = resolve(this.appPath, ".alien", "stack.json"); L87: const stack = JSON.parse(readFileSync(stackPath, "utf-8")); L88: const releaseResp = await fetch(`${this.apiUrl}/v1/releases`, { L89: method: "POST", L90: headers, L91: body: JSON.stringify({ stack })
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L1
matchType = previous_version_dangerous_delta matchedPackage = @alienplatform/testing@1.10.7 matchedIdentity = npm:QGFsaWVucGxhdGZvcm0vdGVzdGluZw:1.10.7 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg

Findings

2 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/index.js
HighPrevious Version Dangerous Deltadist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings