registry  /  @arche-cms/cms  /  0.1.3

@arche-cms/cms@0.1.3

The main Arche CMS package. Provides a `cms` binary for development, building, code generation, and schema management.

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 36 file(s), 511 KB of source, external domains: react.dev, www.w3.org

Source & flagged code

3 flagged · loading source
dist/server/routes/schemas.jsView file
81patternName = generic_password severity = medium line = 81 matchedText = password...rd",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/server/routes/schemas.jsView on unpkg · L81
dist/commands/build.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @arche-cms/cms@0.1.1 matchedIdentity = npm:QGFyY2hlLWNtcy9jbXM:0.1.1 similarity = 0.914 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/build.jsView on unpkg
admin/assets/index-3ZMFoPjq.jsView file
9patternName = generic_password severity = medium line = 9 matchedText = `).repla...ma";
Medium
Secret Pattern

Hardcoded password in admin/assets/index-3ZMFoPjq.js

admin/assets/index-3ZMFoPjq.jsView on unpkg · L9

Findings

1 High5 Medium6 Low
HighPrevious Version Dangerous Deltadist/commands/build.js
MediumSecret Patterndist/server/routes/schemas.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patternadmin/assets/index-3ZMFoPjq.js
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License