registry  /  @chainabit/cli  /  0.1.0

@chainabit/cli@0.1.0

Chainabit CLI — the terminal control plane for workspaces, AI, connectors, and automation

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 1 file(s), 193 KB of source, external domains: dotenvx.com, github.com

Source & flagged code

4 flagged · loading source
bin/chainabit.cjsView file
13(Did you mean one of ${i.join(", ")}?)`:i.length===1?` L14: (Did you mean ${i[0]}?)`:""}an.suggestSimilar=yi});var hn=ae(It=>{var bi=require("node:events").EventEmitter,At=require("node:child_process"),ue=require("node:path"),Ge=require("no... L15: - specify the name in Command constructor or using .name()`);return t=t||{},t.isDefault&&(this._defaultCommandName=e._name),(t.noHelp||t.hidden)&&(e._hidden=!0),this._registerComma...
High
Child Process

Package source references child process execution.

bin/chainabit.cjsView on unpkg · L13
13(Did you mean one of ${i.join(", ")}?)`:i.length===1?` L14: (Did you mean ${i[0]}?)`:""}an.suggestSimilar=yi});var hn=ae(It=>{var bi=require("node:events").EventEmitter,At=require("node:child_process"),ue=require("node:path"),Ge=require("no... L15: - specify the name in Command constructor or using .name()`);return t=t||{},t.isDefault&&(this._defaultCommandName=e._name),(t.noHelp||t.hidden)&&(e._hidden=!0),this._registerComma... ... L26: Expecting one of '${i.join("', '")}'`);let s=`${e}Help`;return this.on(s,n=>{let o;typeof t=="function"?o=t({error:n.error,command:n.command}):o=t,o&&n.write(`${o} L27: `)}),this}_outputHelpIfRequested(e){let t=this._getHelpOption();t&&e.find(s=>t.is(s))&&(this.outputHelp(),this._exit(0,"commander.helpDisplayed","(outputHelp)"))}};function un(r){r... L28: `);let i;for(;(i=Ui.exec(t))!=null;){let s=i[1],n=i[2]||"";n=n.trim();let o=n[0];n=n.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),o==='"'&&(n=n.replace(/\\n/g,` L29: `),n=n.replace(/\\r/g,"\r")),e[s]=n}return e}function Vi(r){r=r||{};let e=Tn(r);r.path=e;let t=G.configDotenv(r);if(!t.parsed){let o=new Error(`MISSING_DATA: Cannot parse ${e} for ... L30: `,{encoding:"utf-8",mode:384}),Mt(ye,384)}func
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/chainabit.cjsView on unpkg · L13
13(Did you mean one of ${i.join(", ")}?)`:i.length===1?` L14: (Did you mean ${i[0]}?)`:""}an.suggestSimilar=yi});var hn=ae(It=>{var bi=require("node:events").EventEmitter,At=require("node:child_process"),ue=require("node:path"),Ge=require("no... L15: - specify the name in Command constructor or using .name()`);return t=t||{},t.isDefault&&(this._defaultCommandName=e._name),(t.noHelp||t.hidden)&&(e._hidden=!0),this._registerComma... ... L26: Expecting one of '${i.join("', '")}'`);let s=`${e}Help`;return this.on(s,n=>{let o;typeof t=="function"?o=t({error:n.error,command:n.command}):o=t,o&&n.write(`${o} L27: `)}),this}_outputHelpIfRequested(e){let t=this._getHelpOption();t&&e.find(s=>t.is(s))&&(this.outputHelp(),this._exit(0,"commander.helpDisplayed","(outputHelp)"))}};function un(r){r... L28: `);let i;for(;(i=Ui.exec(t))!=null;){let s=i[1],n=i[2]||"";n=n.trim();let o=n[0];n=n.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),o==='"'&&(n=n.replace(/\\n/g,`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/chainabit.cjsView on unpkg · L13
41patternName = generic_password severity = medium line = 41 matchedText = `):($e("...gr=`
Medium
Secret Pattern

Package contains a possible secret pattern.

bin/chainabit.cjsView on unpkg · L41

Findings

3 High4 Medium6 Low
HighChild Processbin/chainabit.cjs
HighSame File Env Network Executionbin/chainabit.cjs
HighCommand Output Exfiltrationbin/chainabit.cjs
MediumSecret Patternbin/chainabit.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License