registry  /  @ingit/cli-darwin-x64  /  0.1.0

@ingit/cli-darwin-x64@0.1.0

⚠ Under review

ingit prebuilt binary for darwin-x64

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 6 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 413 KB of source, external domains: react.dev, www.w3.org

Source & flagged code

2 flagged · loading source
client/assets/index-CgrOd-mb.jsView file
577contains invisible/control Unicode U+2060 (word joiner) `):e}var Es=null,Ds;function Os(){return Es===null&&(Es=new Intl.Segmenter(Ds,{granularity:`word`})),Es}var ks=/\p{Script=Arabic}/u,As=/\p{M}/u,js=/\p{Nd}/u;function Ms(e){return ks.test(e)}function Ns(e){return e>=19968&&e<=40959||e>=13312
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

client/assets/index-CgrOd-mb.jsView on unpkg · L577
libziggit.dylibView file
path = libziggit.dylib kind = native_binary sizeBytes = 23379 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

libziggit.dylibView on unpkg

Findings

1 Critical3 Medium2 Low
CriticalTrojan Source Unicodeclient/assets/index-CgrOd-mb.js
MediumNetwork
MediumShips Native Binarylibziggit.dylib
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings