registry  /  @finsemble/finsemble-electron-adapter  /  10.3.0

@finsemble/finsemble-electron-adapter@10.3.0

⚠ Under review

Finsemble's Electron based runtime

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystem
Supply chain
HighEntropyStringsMinifiedProtestwareTrivialUrlStrings
Manifest
NoLicense
scanned 5 file(s), 2.87 MB of source, external domains: github.com, goo.gl

Source & flagged code

5 flagged · loading source
dist/exports.jsView file
1/*! For license information please see exports.js.LICENSE.txt */ L2: (()=>{var e={4658(e,t,n){"use strict";n.d(t,{GetObjectCommand:()=>es,HeadObjectCommand:()=>ss});class r{static v2026="undefined"!=typeof process&&"true"===process.env?.SMITHY_NEW_R... L3: //# sourceMappingURL=exports.js.map
High
Child Process

Package source references child process execution.

dist/exports.jsView on unpkg · L1
1/*! For license information please see exports.js.LICENSE.txt */ L2: (()=>{var e={4658(e,t,n){"use strict";n.d(t,{GetObjectCommand:()=>es,HeadObjectCommand:()=>ss});class r{static v2026="undefined"!=typeof process&&"true"===process.env?.SMITHY_NEW_R... L3: //# sourceMappingURL=exports.js.map
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/exports.jsView on unpkg · L1
1/*! For license information please see exports.js.LICENSE.txt */ L2: (()=>{var e={4658(e,t,n){"use strict";n.d(t,{GetObjectCommand:()=>es,HeadObjectCommand:()=>ss});class r{static v2026="undefined"!=typeof process&&"true"===process.env?.SMITHY_NEW_R... L3: //# sourceMappingURL=exports.js.map
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/exports.jsView on unpkg · L1
1/*! For license information please see exports.js.LICENSE.txt */ L2: (()=>{var e={4658(e,t,n){"use strict";n.d(t,{GetObjectCommand:()=>es,HeadObjectCommand:()=>ss});class r{static v2026="undefined"!=typeof process&&"true"===process.env?.SMITHY_NEW_R... L3: //# sourceMappingURL=exports.js.map
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/exports.jsView on unpkg · L1
dist/app.jsView file
1/*! For license information please see app.js.LICENSE.txt */ L2: (()=>{var e={4658(e,t,n){"use strict";n.d(t,{GetObjectCommand:()=>es,HeadObjectCommand:()=>ss});class r{static v2026="undefined"!=typeof process&&"true"===process.env?.SMITHY_NEW_R... L3: //# sourceMappingURL=app.js.map
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/app.jsView on unpkg · L1

Findings

1 Critical3 High3 Medium6 Low
CriticalProtestware
HighChild Processdist/exports.js
HighSame File Env Network Executiondist/exports.js
HighCommand Output Exfiltrationdist/app.js
MediumDynamic Requiredist/exports.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/exports.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License