registry  /  @guapocado/cli  /  0.0.4

@guapocado/cli@0.0.4

CLI for the Guapocado billing platform. Manage billing configs, sync with Stripe, and generate typed code from your billing schema.

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 19 file(s), 252 KB of source, external domains: api.guapocado.dev

Source & flagged code

2 flagged · loading source
dist/chunk-OFWLPRBY.jsView file
14import consola from "consola"; L15: var require2 = createRequire(import.meta.url); L16: var CONFIG_MARKER = "GUAPOCADO_CONFIG_JSON:";
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunk-OFWLPRBY.jsView on unpkg · L14
dist/login-CRWDZ5VM.jsView file
13// src/commands/login.ts L14: import { spawn } from "child_process"; L15: import { defineCommand } from "citty"; ... L17: function openBrowser(url) { L18: const command = process.platform === "darwin" ? "open" : process.platform === "win32" ? "cmd" : "xdg-open"; L19: const args = process.platform === "win32" ? ["/c", "start", "", url] : [url]; ... L41: async run({ args }) { L42: const baseUrl = "https://api.guapocado.dev"; L43: if (args.key) { ... L58: headers: { "content-type": "application/json" }, L59: body: JSON.stringify({ target: "both" }) L60: });
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/login-CRWDZ5VM.jsView on unpkg · L13

Findings

1 High4 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/login-CRWDZ5VM.js
MediumDynamic Requiredist/chunk-OFWLPRBY.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings