registry  /  @hed-hog/cli  /  0.0.143

@hed-hog/cli@0.0.143

HedHog CLI tool

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 54 file(s), 573 KB of source, external domains: chocolatey.org, community.chocolatey.org, docs.docker.com, github.com, hedhog.com, nodejs.org, npm.hedhog.com, pnpm.io, registry.npmjs.org, www.docker.com

Source & flagged code

2 flagged · loading source
dist/src/modules/database/database.service.jsView file
307patternName = generic_password severity = medium line = 307 matchedText = let pass...me';
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/src/modules/database/database.service.jsView on unpkg · L307
dist/scripts/deploy.jsView file
2Object.defineProperty(exports, "__esModule", { value: true }); L3: const child_process_1 = require("child_process"); L4: /**
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/scripts/deploy.jsView on unpkg · L2

Findings

4 Medium4 Low
MediumSecret Patterndist/src/modules/database/database.service.js
MediumDynamic Requiredist/scripts/deploy.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings