@everystack/cli@0.2.40

CLI and OTA updates for Expo apps on everystack

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: CopyleftLicense
scanned 60 file(s), 391 KB of source, external domains: docs.expo.dev, react.dev

Source & flagged code

2 flagged
src/env.js
L8:  * Usage:
L9:  * const { extra } = require('@everystack/cli/env').load();
L10: * module.exports = { expo: { extra } };
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/env.js · L8
src/handler/signing.ts
L2:
L3: export function signRSASHA256(data: string, privateKey: string): string {
L4:   const sign = crypto.createSign('RSA-SHA256');
...
L6:   sign.end();
L7:   return sign.sign(privateKey, 'base64');
L8: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

src/handler/signing.ts · L2

Findings

4 Medium, 7 Low
Medium · Dynamic Require · src/env.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Weak Crypto · src/handler/signing.ts
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · Copyleft License