
@chess-pgn/chess-pgn@1.2.0

Chess library with enhanced PGN support for parsing large, multi-game PGN files.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Filesystem, Shell
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.
scanned 26 file(s), 678 KB of source

Source & flagged code

2 flagged
test-setup.ts
L5:
L6: import { execSync } from 'child_process'
L7: import { existsSync, unlinkSync } from 'fs'
High
Child Process

Package source references child process execution.

test-setup.ts · L5
L20: */
L21: execSync(
L22: `npx esbuild ${workerSource} --bundle --platform=node --format=cjs --outfile=${workerOutput} --external:worker_threads`,
L23: { stdio: 'inherit' },
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

test-setup.ts · L20

Findings

3 High, 1 Medium, 4 Low
High: Child Process (test-setup.ts)
High: Shell
High: Runtime Package Install (test-setup.ts)
Medium: Structural Risk Force Deep Review
Low: Non Install Lifecycle Scripts
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings