registry  /  @dianshuv/hapi  /  0.27.19

@dianshuv/hapi@0.27.19

App for agentic coding - access coding agent anywhere

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess
Supply chain
UrlStrings
Manifest
CopyleftLicense
scanned 1 file(s), 4.04 KB of source, external domains: registry.npmjs.org

Source & flagged code

1 flagged · loading source
bin/hapi.cjsView file
2L3: const { execFileSync } = require('child_process'); L4: const path = require('path'); L5: L6: const platform = process.platform; L7: const arch = process.arch; L8: const OFFICIAL_NPM_REGISTRY = 'https://registry.npmjs.org'; L9: const SUPPORTED_PLATFORMS = [ ... L40: // Try to find the platform-specific package L41: const pkgPath = require.resolve(`${pkgName}/package.json`); L42: const binName = platformName === 'win32' ? 'hapi.exe' : 'hapi';
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/hapi.cjsView on unpkg · L2

Findings

1 High2 Low
HighSandbox Evasion Gated Capabilitybin/hapi.cjs
LowUrl Strings
LowCopyleft License