registry  /  @christiandoxa/prodex  /  0.240.0

@christiandoxa/prodex@0.240.0

Multi-provider Codex wrapper with OpenAI quota-aware routing and Claude Code support

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
Manifest
WildcardDependency
scanned 1 file(s), 11.0 KB of source

Source & flagged code

2 flagged · loading source
lib/codex-shim.cjsView file
5const path = require("node:path"); L6: const { spawn, spawnSync } = require("node:child_process"); L7: const { createRequire } = require("node:module");
High
Child Process

Package source references child process execution.

lib/codex-shim.cjsView on unpkg · L5
288[ L289: "No executable external codex was found; attempting npm install because PRODEX_CODEX_AUTO_INSTALL=1.", L290: "Running: npm install -g @openai/codex@latest", ... L294: L295: const result = spawnSync(npm[redacted], ["install", "-g", "@openai/codex@latest"], { L296: stdio: "inherit",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/codex-shim.cjsView on unpkg · L288

Findings

2 High3 Medium2 Low
HighChild Processlib/codex-shim.cjs
HighRuntime Package Installlib/codex-shim.cjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowFilesystem
LowHigh Entropy Strings