registry  /  @illuz-modified/hapi  /  0.18.0-illuz

@illuz-modified/hapi@0.18.0-illuz

App for agentic coding - access coding agent anywhere

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess
Supply chain
UrlStrings
Manifest
CopyleftLicense
scanned 1 file(s), 4.38 KB of source, external domains: github.com, registry.npmjs.org

Source & flagged code

1 flagged · loading source
bin/hapi.cjsView file
2L3: const { execFileSync } = require('child_process'); L4: const path = require('path'); L5: L6: const platform = process.platform; L7: const arch = process.arch; L8: const RELEASE_URL = 'https://github.com/tiann/hapi/releases'; L9: const OFFICIAL_NPM_REGISTRY = 'https://registry.npmjs.org'; ... L45: // Try to find the platform-specific package L46: const pkgPath = require.resolve(`${pkgName}/package.json`); L47: const binName = platformName === 'win32' ? 'hapi.exe' : 'hapi';
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/hapi.cjsView on unpkg · L2

Findings

1 High2 Low
HighSandbox Evasion Gated Capabilitybin/hapi.cjs
LowUrl Strings
LowCopyleft License