registry  /  @amityco/social-plus-vise  /  1.4.5

@amityco/social-plus-vise@1.4.5

Skill-guided deterministic CLI for social.plus SDK integration assistance.

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 37 file(s), 1.22 MB of source, external domains: github.com, learn.social.plus, registry.npmjs.org

Source & flagged code

1 flagged · loading source
package.jsonView file
scripts registry_only=bench,bench:audit-boundaries,bench:experience-calibration,bench:experience-calibration:advisory-seeds,bench:experience-calibration:conditional-feasibility,bench:experience-calibration:dogfood-preview,bench:experience-calibration:dogfood-summary,bench:experience-calibration:gate3-advisory-quality; devDependencies registry_only=@amityco/social-plus-schemas,@types/node,ajv,typescript
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.jsonView on unpkg

Findings

1 Critical2 Medium5 Low
CriticalManifest Confusionpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License