@bynaree/orino@0.3.0

SEO and GEO audit tool for developers. Audits Next.js, Astro, SvelteKit, Nuxt, and plain HTML sites from the command line.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Network
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 485 KB of source, external domains: docs.orino.app, domain.com, example.com, github.com, orino.app, www.domain.com, yoursite.com

Source & flagged code

2 flagged
dist/bin/orino.js
L47: try {
L48:   return JSON.parse(fs.readFileSync(p, "utf8"));
L49: } catch {
...
L60: function getPkgVersion(dir, pkgName) {
L61:   const pkg = readJsonFile(path.join(dir, "package.json"));
L62:   if (!pkg) return null;
...
L679: hasDescription: hasComposableProp(script, "useSeoMeta", "description") || hasComposableProp(script, "useHead", "description"),
L680: hasAsyncData: /\b(useAsyncData|useFetch)\s*\(/.test(script),
L681: content
...
L841: const candidates = [
L842:   path5.join(__dirname, "..", "..", "package.json"),
L843:   path5.join(__dirname, "..", "package.json")
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/bin/orino.js · L47

dist/src/index.js
matchType = previous_version_dangerous_delta
matchedPackage = @bynaree/orino@0.3.1
matchedIdentity = npm:QGJ5bmFyZWUvb3Jpbm8:0.3.1
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/src/index.js

Findings

2 High · 3 Medium · 5 Low
High · Sandbox Evasion Gated Capability · dist/bin/orino.js
High · Previous Version Dangerous Delta · dist/src/index.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings