
@elaraai/e3-cli@1.0.29

East Execution Engine CLI - Command-line tool for managing e3 repositories and tasks

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.
scanned 42 file(s), 241 KB of source

Source & flagged code

4 flagged
package.json
scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

dist/src/cli.js
L27: import { Command } from 'commander';
L28: const require = createRequire(import.meta.url);
L29: const packageJson = require('../../package.json');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/cli.js · L27
dist/src/commands/completion-install.spec.js
L18: describe('detectShell', () => {
L19:   it('detects bash from /bin/bash', () => {
L20:     assert.strictEqual(detectShell({ SHELL: '/bin/bash' }), 'bash');
...
L35: describe('rcPath', () => {
L36:   it('uses ~/.bashrc for bash', () => {
L37:     assert.strictEqual(rcPath('bash', {}, '/home/u'), '/home/u/.bashrc');
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/src/commands/completion-install.spec.js · L18

Findings

1 High · 6 Medium · 3 Low
High · Install Time Lifecycle Scripts · package.json
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Dynamic Require · dist/src/cli.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/src/commands/completion-install.spec.js
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings