@framedash/cli@0.1.3

Framedash CLI tool for CI/CD pipelines, analytics queries, and coding agent integration.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 31 file(s), 136 KB of source, external domains: 127.0.0.1, app.framedash.dev

Source & flagged code

1 flagged
dist/commands/login.js
L1: import { spawn } from "node:child_process";
L2: import { parseArgs } from "node:util";
...
L23: --no-browser Do not try to open the browser; print the URL only
L24: --base-url <url> API base URL (default: https://app.framedash.dev)
L25: -h, --help Show help`;
...
L38: let args;
L39: if (process.platform === "win32") {
L40: command = "rundll32";
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/commands/login.js · L1

Findings

1 High · 3 Medium · 4 Low
High · Sandbox Evasion Gated Capability · dist/commands/login.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings