•matchType = previous_version_dangerous_delta
matchedPackage = @explorer02/cfm-survey-sdk@0.2.3
matchedIdentity = npm:[redacted]:0.2.3
similarity = 0.545
summary = stored previous version shares package body but lacks this dangerous source file
CriticalPrevious Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/index.jsView on unpkg 5`),console.log(Te(s)),e.diffOnly){H.writeFileSync(t.diffJsonPath,JSON.stringify(s,null,2),"utf8"),H.writeFileSync(t.diffMdPath,Te(s),"utf8"),console.log(`${z.dim} Updated ${t.dif...
L6: ${M.green}\u2705 Fetched final config (review mode)${M.reset}`),console.log(`${M.green} Final: ${r.finalPath}${M.reset}`),console.log(`${M.green} Diff: ${r.diffMdPath}${M.rese...
L7: `);let o=await oe("Would you like to install/upgrade Node.js v18+ automatically? (y/N): ");o.toLowerCase()==="y"||o.toLowerCase()==="yes"||(console.log(`
HighChild Process
Package source references child process execution.
dist/cli/index.jsView on unpkg · L5 1#!/usr/bin/env node
L2: "use strict";var _o=Object.create;var Ie=Object.defineProperty;var Do=Object.getOwnPropertyDescriptor;var Oo=Object.getOwnPropertyNames;var Lo=Object.getPrototypeOf,Mo=Object.proto...
L3: `)}function K(e){return{seedPath:le.join(e,"survey-ui-config.seed.json"),finalPath:le.join(e,"survey-ui-config.final.json"),diffJsonPath:le.join(e,"survey-ui-config.diff.json"),dif...
L4: ${z.bold}${z.cyan}\u{1F4CB} UI config review${z.reset}
L5: `),console.log(Te(s)),e.diffOnly){H.writeFileSync(t.diffJsonPath,JSON.stringify(s,null,2),"utf8"),H.writeFileSync(t.diffMdPath,Te(s),"utf8"),console.log(`${z.dim} Updated ${t.dif...
L6: ${M.green}\u2705 Fetched final config (review mode)${M.reset}`),console.log(`${M.green} Final: ${r.finalPath}${M.reset}`),console.log(`${M.green} Diff: ${r.diffMdPath}${M.rese...
L7: `);let o=await oe("Would you like to install/upgrade Node.js v18+ automatically? (y/N): ");o.toLowerCase()==="y"||o.toLowerCase()==="yes"||(console.log(`
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L1 1#!/usr/bin/env node
L2: "use strict";var _o=Object.create;var Ie=Object.defineProperty;var Do=Object.getOwnPropertyDescriptor;var Oo=Object.getOwnPropertyNames;var Lo=Object.getPrototypeOf,Mo=Object.proto...
L3: `)}function K(e){return{seedPath:le.join(e,"survey-ui-config.seed.json"),finalPath:le.join(e,"survey-ui-config.final.json"),diffJsonPath:le.join(e,"survey-ui-config.diff.json"),dif...
L4: ${z.bold}${z.cyan}\u{1F4CB} UI config review${z.reset}
L5: `),console.log(Te(s)),e.diffOnly){H.writeFileSync(t.diffJsonPath,JSON.stringify(s,null,2),"utf8"),H.writeFileSync(t.diffMdPath,Te(s),"utf8"),console.log(`${z.dim} Updated ${t.dif...
L6: ${M.green}\u2705 Fetched final config (review mode)${M.reset}`),console.log(`${M.green} Final: ${r.finalPath}${M.reset}`),console.log(`${M.green} Diff: ${r.diffMdPath}${M.rese...
L7: `);let o=await oe("Would you like to install/upgrade Node.js v18+ automatically? (y/N): ");o.toLowerCase()==="y"||o.toLowerCase()==="yes"||(console.log(`
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L1 5`),console.log(Te(s)),e.diffOnly){H.writeFileSync(t.diffJsonPath,JSON.stringify(s,null,2),"utf8"),H.writeFileSync(t.diffMdPath,Te(s),"utf8"),console.log(`${z.dim} Updated ${t.dif...
L6: ${M.green}\u2705 Fetched final config (review mode)${M.reset}`),console.log(`${M.green} Final: ${r.finalPath}${M.reset}`),console.log(`${M.green} Diff: ${r.diffMdPath}${M.rese...
L7: `);let o=await oe("Would you like to install/upgrade Node.js v18+ automatically? (y/N): ");o.toLowerCase()==="y"||o.toLowerCase()==="yes"||(console.log(`
HighRuntime Package Install
Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L5