registry  /  @hominis/fireforge  /  0.34.2

@hominis/fireforge@0.34.2

FireForge — a build tool for customizing Firefox

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 10 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 287 file(s), 2.17 MB of source, external domains: archive.mozilla.org, facebook.github.io, git-scm.com, github.com, mozilla.org, python.org, www.mozilla.org, www.w3.org

Source & flagged code

1 flagged · loading source
dist/src/core/typecheck-shim.jsView file
31* content scripts wired via `browser.js`. L32: * - Dynamic `import("resource:-…")` / `import("chrome:-…")` under patch L33: * checkJs: imports of *patch-owned* modules resolve to their real
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/core/typecheck-shim.jsView on unpkg · L31

Findings

4 Medium6 Low
MediumDynamic Requiredist/src/core/typecheck-shim.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License