@aroman22/codegraph-vba-linux-arm64@1.5.1

CodeGraph self-contained bundle for linux-arm64

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 88.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; source closely matched a different package identity.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 152 file(s), 2.75 MB of source, external domains: ai.getcodegraph.com, antigravity.google, api.github.com, app.getcodegraph.com, docs.claude.com, docs.cursor.com, geminicli.com, github.com, hermes-agent.nousresearch.com, kiro.dev, opencode.ai, raw.githubusercontent.com, telemetry.getcodegraph.com

Source & flagged code

8 flagged

lib/dist/upgrade/index.js
L78: const https = __importStar(require("https"));
L79: const child_process_1 = require("child_process");
L80: exports.REPO = 'ardelperal/codegraph';
High
Child Process

Package source references child process execution.

lib/dist/upgrade/index.js · L78

matchType = package_source_clone_identity_mismatch
matchedPackage = codegraph-vba-linux-arm64@1.3.2
matchedPath = lib/dist/bin/command-supervision.js
matchedIdentity = npm:[redacted]:1.3.2
similarity = 0.912
shingleOverlap = 73
summary = source files closely matched a different published package identity
High
Package Source Clone Identity Mismatch

Package source closely matches a different published package identity; review for dependency-confusion or copied-code abuse.

lib/dist/upgrade/index.js

lib/dist/bin/codegraph.js
L89: // eslint-disable-next-line @typescript-eslint/no-implied-eval
L90: const importESM = new Function('specifier', 'return import(specifier)');
L91: // Block CodeGraph on Node.js 25.x — V8's turboshaft WASM JIT has a Zone
High
Eval

Package source references dynamic code evaluation.

lib/dist/bin/codegraph.js · L89

lib/dist/ui/shimmer-worker.js
L2: Object.defineProperty(exports, "__esModule", { value: true });
L3: const worker_threads_1 = require("worker_threads");
L4: const fs_1 = require("fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/dist/ui/shimmer-worker.js · L2

lib/dist/reasoning/login.js
L17: */
L18: const child_process_1 = require("child_process");
L19: const DEFAULT_BASE = 'https://app.getcodegraph.com';
L20: /** Dashboard base for the device-login endpoints; override for testing via CODEGRAPH_LOGIN_URL. */
L21: function loginBaseUrl() {
L22:     const raw = process.env.CODEGRAPH_LOGIN_URL?.trim() || DEFAULT_BASE;
L23:     return raw.replace(/\/+$/, '');
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/dist/reasoning/login.js · L17

lib/dist/installer/index.js
L125: try {
L126:     (0, child_process_1.execSync)('npm install -g @colbymchenry/codegraph', { stdio: 'pipe', windowsHide: true });
L127:     s.stop('Installed codegraph CLI on PATH');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/dist/installer/index.js · L125

path = node
kind = native_binary
sizeBytes = 121333752
magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

node

lib/dist/extraction/wasm/tree-sitter-scala.wasm
path = lib/dist/extraction/wasm/tree-sitter-scala.wasm
kind = wasm_module
sizeBytes = 4958320
magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

lib/dist/extraction/wasm/tree-sitter-scala.wasm

Findings

6 High · 6 Medium · 3 Low

High · Child Process · lib/dist/upgrade/index.js
High · Shell
High · Eval · lib/dist/bin/codegraph.js
High · Same File Env Network Execution · lib/dist/reasoning/login.js
High · Runtime Package Install · lib/dist/installer/index.js
High · Package Source Clone Identity Mismatch · lib/dist/upgrade/index.js
Medium · Dynamic Require · lib/dist/ui/shimmer-worker.js
Medium · Network
Medium · Environment Vars
Medium · Ships Native Binary · node
Medium · Ships Wasm Module · lib/dist/extraction/wasm/tree-sitter-scala.wasm
Medium · Structural Risk Force Deep Review
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings