registry  /  @ckeditor/ckeditor5-dev-ci  /  56.6.0

@ckeditor/ckeditor5-dev-ci@56.6.0

Utils used on various Continuous Integration services.

Static Scan Results

scanned 15d ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 20 file(s), 44.9 KB of source, external domains: api.eu.snyk.io, api.github.com, app.circleci.com, avatars.githubusercontent.com, circleci.com, github.com, upload.wikimedia.org

Source & flagged code

1 flagged · loading source
bin/is-workflow-restarted.jsView file
12* L13: * - CIRCLE_WORKFLOW_ID - provided by default by CircleCI and keeps the workflow id. L14: * - CKE5_CIRCLE_TOKEN - an authorization token to talk to CircleCI REST API. ... L22: CIRCLE_WORKFLOW_ID L23: } = process.env; L24: L25: const requestUrl = `https://circleci.com/api/v2/workflow/${ CIRCLE_WORKFLOW_ID }`; L26: ... L34: fetch( requestUrl, requestOptions ) L35: .then( res => res.json() ) L36: .then( response => {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/is-workflow-restarted.jsView on unpkg · L12

Findings

1 High3 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/is-workflow-restarted.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License