@celsian/cli@0.5.4

Command-line tools for CelsianJS projects

Static Scan Results

scanned 6h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, DynamicRequire, EnvironmentVars, Filesystem, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 9 file(s), 33.0 KB of source, external domains: docs.aws.amazon.com, fly.io, railway.com

Source & flagged code

3 flagged
dist/commands/deploy.js
L1: // @celsian/cli — Deploy command: generates config files and deploys to platform CLIs
L2: import { execSync } from "node:child_process";
L3: import { existsSync, mkdirSync, writeFileSync } from "node:fs";
High
Child Process

Package source references child process execution.

dist/commands/deploy.js · L1
L354: try {
L355: execSync("npx celsian build", { cwd, stdio: "inherit" });
L356: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/deploy.js · L354
dist/commands/routes.js
L23: // ("Top-level await is currently not supported with the cjs output format").
L24: const loaderScript = `const mod = await import(${JSON.stringify(`file://${fullEntry}`)});
L25: const app = mod.default ?? mod.app;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/commands/routes.js · L23

Findings

3 High · 3 Medium · 4 Low
High · Child Process · dist/commands/deploy.js
High · Shell
High · Runtime Package Install · dist/commands/deploy.js
Medium · Dynamic Require · dist/commands/routes.js
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings