registry  /  @hachej/boring-core  /  0.1.81

@hachej/boring-core@0.1.81

Foundation package for boring-ui-v2 apps: DB, auth, config, HTTP app factory, and frontend app shell.

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 595 KB of source, external domains: 127.0.0.1, api.lemonsqueezy.com, api.resend.com, api.stripe.com, calendly.com, fonts.googleapis.com, fonts.gstatic.com

Source & flagged code

1 flagged · loading source
dist/app/server/index.jsView file
1011const apiTarget = `http://127.0.0.1:${apiPort}`; L1012: const requireFromApp = createRequire(path3.join(appRoot, "package.json")); L1013: const viteEntry = requireFromApp.resolve("vite");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/app/server/index.jsView on unpkg · L1011

Findings

3 Medium4 Low
MediumDynamic Requiredist/app/server/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings