@gadmin2n/cli@0.0.147

⚠ Under review

Gadmin - modern, fast, powerful node.js web framework (@cli)

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
Scanned 99 file(s), 283 KB of source. External domains: git.tencent.com, knot.woa.com, ptc.coding.intlgame.com, registry.npmjs.org

Source & flagged code

5 flagged

.yalc/@gadmin2n/schematics/dist/lib/application/files/gadmin2-game-angle-demo/server/.env.local
patternName = blocked_file
severity = critical
matchedText = .yalc/@[redacted]-game-angle-demo/server/.env.local
redactedSecretContext = secretLikeLines = 1 L1: DATABASE_URL=<redacted:69 token-like>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

bin/gadmin.js
L3: Object.defineProperty(exports, "__esModule", { value: true });
L4: const commander = require("commander");
L5: const commands_1 = require("../commands");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

.yalc/@gadmin2n/schematics/dist/lib/application/files/gadmin2-game-angle-demo/server/start-prod.sh
path = .yalc/@[redacted]-game-angle-demo/server/start-prod.sh
kind = payload_in_excluded_dir
sizeBytes = 4464
magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

path = .yalc/@[redacted]-game-angle-demo/server/start-prod.sh
kind = build_helper
sizeBytes = 4464
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

actions/update.action.js
matchType = previous_version_dangerous_delta
matchedPackage = @gadmin2n/cli@0.0.151
matchedIdentity = npm:QGdhZG1pbjJuL2NsaQ:0.0.151
similarity = 0.990
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.


Findings

2 Critical · 1 High · 5 Medium · 4 Low
Critical · Critical Secret · .yalc/@gadmin2n/schematics/dist/lib/application/files/gadmin2-game-angle-demo/server/.env.local
Critical · Previous Version Dangerous Delta · actions/update.action.js
High · Payload In Excluded Dir · .yalc/@gadmin2n/schematics/dist/lib/application/files/gadmin2-game-angle-demo/server/start-prod.sh
Medium · Dynamic Require · bin/gadmin.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · .yalc/@gadmin2n/schematics/dist/lib/application/files/gadmin2-game-angle-demo/server/start-prod.sh
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings