registry  /  @andespindola/pingu-dev-agent  /  0.1.49

@andespindola/pingu-dev-agent@0.1.49

Pingu - Dev Agent: agente de pair programming em tempo real (diagnosticos, quick fixes e geracao) para Vim/Neovim, e para qualquer editor via servidor LSP (VS Code, Helix, Zed, Emacs, Sublime).

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 89 file(s), 1.24 MB of source

Source & flagged code

5 flagged · loading source
lib/generation.jsView file
2438patternName = generic_password severity = medium line = 2438 matchedText = ' p...",',
Medium
Secret Pattern

Package contains a possible secret pattern.

lib/generation.jsView on unpkg · L2438
lib/analyzer-security.jsView file
59if (/\beval\s*\(\s*[A-Za-z_$`]/.test(masked)) { L60: return buildIssue(file, lineNumber, 'command_injection', 'eval() com entrada dinamica executa codigo arbitrario', 'Evite eval; use uma alternativa estruturada (JSON.parse, mapa de ... L61: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/analyzer-security.jsView on unpkg · L59
vim/autoload/pingu_dev_agent/guard_runtime.jsView file
2L3: const fs = require('fs'); L4: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

vim/autoload/pingu_dev_agent/guard_runtime.jsView on unpkg · L2
lib/analyzer.jsView file
88const DEFAULT_MAX_LINE_LENGTH = 120; L89: const DEBUG_ANALYZE_STEPS = /^(?:1|true|yes|on)$/i.test(String(process.env.PINGU_DEBUG_ANALYZE_STEPS || '')); L90: ... L123: if (DEBUG_ANALYZE_STEPS) { L124: process.stderr.write(`[PINGU_DEBUG] start ${label}\n`); L125: } ... L1293: () => source.match(/^(?:export\s+)?(?:default\s+)?(?:const|let|var)\s+([A-Za-z_$][A-Za-z0-9_$]*)\s*=\s*(?:async\s*)?(?:<[^>]+>\s*)?(?:\(([^)]*)\)|([A-Za-z_$][A-Za-z0-9_$]*))\s*(?::... L1294: () => source.match(/^(?:(?:public|private|protected|static|readonly|declare|override|abstract)\s+)*(#?[A-Za-z_$][A-Za-z0-9_$]*)\s*=\s*(?:async\s*)?(?:<[^>]+>\s*)?(?:\(([^)]*)\)|([A... L1295: () => source.match(/^(?:(?:public|private|protected|static|async|get|set|override|readonly|abstract|declare)\s+)*(#?[A-Za-z_$][A-Za-z0-9_$]*)\s*(?:<[^>]+>)?\s*\(([^)]*)\)\s*(?::\s*...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/analyzer.jsView on unpkg · L88
README.mdView file
93patternName = generic_password severity = medium line = 93 matchedText = | Segred...as |
Medium
Secret Pattern

Hardcoded password in README.md

README.mdView on unpkg · L93

Findings

5 Medium5 Low
MediumSecret Patternlib/generation.js
MediumDynamic Requirevim/autoload/pingu_dev_agent/guard_runtime.js
MediumNetwork
MediumEnvironment Vars
MediumSecret PatternREADME.md
LowScripts Present
LowEvallib/analyzer-security.js
LowWeak Cryptolib/analyzer.js
LowFilesystem
LowHigh Entropy Strings