•matchType = previous_version_dangerous_delta
matchedPackage = @explorer02/cfm-survey-sdk@0.3.4
matchedIdentity = npm:[redacted]:0.3.4
similarity = 0.558
summary = stored previous version shares package body but lacks this dangerous source file
CriticalPrevious Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/index.jsView on unpkg 37`),console.log(ze(i)),e.diffOnly){Y.writeFileSync(t.diffJsonPath,JSON.stringify(i,null,2),"utf8"),Y.writeFileSync(t.diffMdPath,ze(i),"utf8"),console.log(`${J.dim} Updated ${t.dif...
L38: ${H.green}\u2705 Fetched final config (review mode)${H.reset}`),console.log(`${H.green} Final: ${s.finalPath}${H.reset}`),console.log(`${H.green} Diff: ${s.diffMdPath}${H.rese...
L39: `);let o=await fe("Would you like to install/upgrade Node.js v18+ automatically? (y/N): ");o.toLowerCase()==="y"||o.toLowerCase()==="yes"||(console.log(`
HighChild Process
Package source references child process execution.
dist/cli/index.jsView on unpkg · L37 34}
L35: `});function We(e){if(!e.config)return null;let o=JSON.parse(JSON.stringify(e.config)),n=o.global?.logo;return e.logoUrl&&n&&(n.url=e.logoUrl),o}function Yo(e){return new Promise((...
L36: ${J.bold}${J.cyan}\u{1F4CB} UI config review${J.reset}
L37: `),console.log(ze(i)),e.diffOnly){Y.writeFileSync(t.diffJsonPath,JSON.stringify(i,null,2),"utf8"),Y.writeFileSync(t.diffMdPath,ze(i),"utf8"),console.log(`${J.dim} Updated ${t.dif...
L38: ${H.green}\u2705 Fetched final config (review mode)${H.reset}`),console.log(`${H.green} Final: ${s.finalPath}${H.reset}`),console.log(`${H.green} Diff: ${s.diffMdPath}${H.rese...
L39: `);let o=await fe("Would you like to install/upgrade Node.js v18+ automatically? (y/N): ");o.toLowerCase()==="y"||o.toLowerCase()==="yes"||(console.log(`
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L34 34}
L35: `});function We(e){if(!e.config)return null;let o=JSON.parse(JSON.stringify(e.config)),n=o.global?.logo;return e.logoUrl&&n&&(n.url=e.logoUrl),o}function Yo(e){return new Promise((...
L36: ${J.bold}${J.cyan}\u{1F4CB} UI config review${J.reset}
L37: `),console.log(ze(i)),e.diffOnly){Y.writeFileSync(t.diffJsonPath,JSON.stringify(i,null,2),"utf8"),Y.writeFileSync(t.diffMdPath,ze(i),"utf8"),console.log(`${J.dim} Updated ${t.dif...
L38: ${H.green}\u2705 Fetched final config (review mode)${H.reset}`),console.log(`${H.green} Final: ${s.finalPath}${H.reset}`),console.log(`${H.green} Diff: ${s.diffMdPath}${H.rese...
L39: `);let o=await fe("Would you like to install/upgrade Node.js v18+ automatically? (y/N): ");o.toLowerCase()==="y"||o.toLowerCase()==="yes"||(console.log(`
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L34 37`),console.log(ze(i)),e.diffOnly){Y.writeFileSync(t.diffJsonPath,JSON.stringify(i,null,2),"utf8"),Y.writeFileSync(t.diffMdPath,ze(i),"utf8"),console.log(`${J.dim} Updated ${t.dif...
L38: ${H.green}\u2705 Fetched final config (review mode)${H.reset}`),console.log(`${H.green} Final: ${s.finalPath}${H.reset}`),console.log(`${H.green} Diff: ${s.diffMdPath}${H.rese...
L39: `);let o=await fe("Would you like to install/upgrade Node.js v18+ automatically? (y/N): ");o.toLowerCase()==="y"||o.toLowerCase()==="yes"||(console.log(`
HighRuntime Package Install
Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L37