registry  /  @castlemilk/omega  /  0.6.17

@castlemilk/omega@0.6.17

Omega Harness CLI - installable via npx

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 53 file(s), 1.77 MB of source, external domains: example.com, reactjs.org, www.w3.org

Source & flagged code

3 flagged · loading source
dist/server/dist/routes/benchmarks.jsView file
3import path from 'node:path'; L4: import { spawn } from 'node:child_process'; L5: import { z } from 'zod';
High
Child Process

Package source references child process execution.

dist/server/dist/routes/benchmarks.jsView on unpkg · L3
dist/cli.jsView file
583stdio: "inherit", L584: shell: true, L585: env
High
Shell

Package source references shell execution.

dist/cli.jsView on unpkg · L583
573const grpcPort = await findAvailablePort(DEFAULT_GRPC_PORT, MAX_GRPC_PORT); L574: apiUrl = `http://localhost:${port.toString()}`; L575: process.env.HARNESS_API_URL = apiUrl; L576: const env = { ... L581: }; L582: server = startBundledServer(env) ?? spawn("pnpm", ["--filter", "@omega/server", "dev"], { L583: stdio: "inherit",
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L573

Findings

3 High3 Medium5 Low
HighChild Processdist/server/dist/routes/benchmarks.js
HighShelldist/cli.js
HighSame File Env Network Executiondist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings