registry  /  @avesbox/magpie  /  0.3.0

@avesbox/magpie@0.3.0

Acceptance criteria scenarios on top of Vitest.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 19 file(s), 115 KB of source

Source & flagged code

2 flagged · loading source
dist/bin.jsView file
1#!/usr/bin/env node L2: import { spawn } from "node:child_process"; L3: import { readFileSync } from "node:fs";
High
Child Process

Package source references child process execution.

dist/bin.jsView on unpkg · L1
49catch { L50: process.stderr.write("magpie: could not resolve vitest — install it first: npm install --save-dev vitest\n"); L51: process.exitCode = 1; ... L53: } L54: const child = spawn(process.execPath, [vitestEntry, ...forwardedArgv], { L55: env,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/bin.jsView on unpkg · L49

Findings

3 High2 Medium4 Low
HighChild Processdist/bin.js
HighShell
HighRuntime Package Installdist/bin.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings