@aroman22/codegraph-vba-win32-x64@1.3.5

CodeGraph self-contained bundle for win32-x64

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 149 file(s), 2.65 MB of source, external domains: ai.getcodegraph.com, antigravity.google, api.github.com, app.getcodegraph.com, docs.claude.com, docs.cursor.com, geminicli.com, github.com, hermes-agent.nousresearch.com, kiro.dev, opencode.ai, raw.githubusercontent.com, telemetry.getcodegraph.com

Source & flagged code

8 flagged
lib/dist/upgrade/index.js
    L78: const https = __importStar(require("https"));
    L79: const child_process_1 = require("child_process");
    L80: exports.REPO = 'ardelperal/codegraph';
High
Child Process

Package source references child process execution.

lib/dist/upgrade/index.js · L78
lib/dist/bin/codegraph.js
    L89: // eslint-disable-next-line @typescript-eslint/no-implied-eval
    L90: const importESM = new Function('specifier', 'return import(specifier)');
    L91: // Block CodeGraph on Node.js 25.x — V8's turboshaft WASM JIT has a Zone
High
Eval

Package source references dynamic code evaluation.

lib/dist/bin/codegraph.js · L89
lib/dist/ui/shimmer-worker.js
    L2: Object.defineProperty(exports, "__esModule", { value: true });
    L3: const worker_threads_1 = require("worker_threads");
    L4: const fs_1 = require("fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/dist/ui/shimmer-worker.js · L2
lib/dist/reasoning/login.js
    L17: */
    L18: const child_process_1 = require("child_process");
    L19: const DEFAULT_BASE = 'https://app.getcodegraph.com';
    L20: /** Dashboard base for the device-login endpoints; override for testing via CODEGRAPH_LOGIN_URL. */
    L21: function loginBaseUrl() {
    L22: const raw = process.env.CODEGRAPH_LOGIN_URL?.trim() || DEFAULT_BASE;
    L23: return raw.replace(/\/+$/, '');
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/dist/reasoning/login.js · L17
lib/dist/installer/index.js
    L125: try {
    L126: (0, child_process_1.execSync)('npm install -g @colbymchenry/codegraph', { stdio: 'pipe', windowsHide: true });
    L127: s.stop('Installed codegraph CLI on PATH');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/dist/installer/index.js · L125
node.exe
path = node.exe kind = native_binary sizeBytes = 92279112 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

lib/dist/extraction/wasm/tree-sitter-scala.wasm
path = lib/dist/extraction/wasm/tree-sitter-scala.wasm kind = wasm_module sizeBytes = 4958320 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

bin/codegraph.cmd
path = bin/codegraph.cmd kind = build_helper sizeBytes = 75 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.


Findings

5 High · 7 Medium · 3 Low

High · Child Process · lib/dist/upgrade/index.js
High · Shell
High · Eval · lib/dist/bin/codegraph.js
High · Same File Env Network Execution · lib/dist/reasoning/login.js
High · Runtime Package Install · lib/dist/installer/index.js
Medium · Dynamic Require · lib/dist/ui/shimmer-worker.js
Medium · Network
Medium · Environment Vars
Medium · Ships Native Binary · node.exe
Medium · Ships Wasm Module · lib/dist/extraction/wasm/tree-sitter-scala.wasm
Medium · Ships Build Helper · bin/codegraph.cmd
Medium · Structural Risk Force Deep Review
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings