registry  /  @docpod/cli  /  0.2.1

@docpod/cli@0.2.1

Markdown, instantly polished. A zero-config CLI that turns a repo's Markdown into a modern doc site.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 18 file(s), 82.1 KB of source, external domains: docpod.dev, www.sitemaps.org, www.w3.org

Source & flagged code

3 flagged · loading source
dist/load.jsView file
122if (path.endsWith(".ts")) { L123: const { tsImport } = await import("tsx/esm/api"); L124: return unwrapDefault(await tsImport(pathToFileURL(path).href, import.meta.url));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/load.jsView on unpkg · L122
dist/devserver.jsView file
6import { watch } from "node:fs"; L7: import { createServer } from "node:http"; L8: import { createHash } from "node:crypto"; ... L23: } L24: const accept = createHash("sha1").update(key + WS_GUID).digest("base64"); L25: socket.write(`HTTP/1.1 101 Switching Protocols\r L26: Upgrade: websocket\r
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/devserver.jsView on unpkg · L6
dist/build.jsView file
143package = @docpod/cli; repositoryIdentity = docpod; dependency = pagefind L143: try { L144: const { index } = await (await import("pagefind")).createIndex(); L145: await index.addDirectory({ path: outDir });
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/build.jsView on unpkg · L143

Findings

1 High4 Medium5 Low
HighCopied Package Dependency Bridgedist/build.js
MediumDynamic Requiredist/load.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/devserver.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings