@iobroker/repochecker@5.19.6

This is the code for the frontend and back-end of the service <https://adapter-check.iobroker.in/>

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: NoLicense
scanned 19 file(s), 649 KB of source, external domains: api.github.com, cdn.jsdelivr.net, data.jsdelivr.com, download.iobroker.net, github.com, raw.githubusercontent.com, registry.npmjs.org, spdx.org, translator.iobroker.in, www.github.com, www.npmjs.com

Source & flagged code

3 flagged
lib/M7000_License.js · L9

    L10: const execSync = require('node:child_process').execSync;

High · Child Process

Package source references child process execution.

lib/M5000_Code.js · L92

    L92: words = lines.join('\n');
    L93: const resultFunc = new Function(`return ${words};`);

Low · Eval

Package source references a known benign dynamic code generation pattern.

lib/M0000_PackageJson.js · L1797

    L1797: /**
    L1798:  * Creates a package-lock.json in a temp directory by running npm install --package-lock-only.
    L1799:  * Returns the content of the generated package-lock.json, or throws if creation fails.
    ...
    L1804: async function createPackageLockJson(context) {
    L1805:     const { exec } = require('node:child_process');
    L1806:     const os = require('node:os');

High · Runtime Package Install

Package source invokes a package manager install command at runtime.

Findings

3 High · 3 Medium · 7 Low

High · Child Process · lib/M7000_License.js
High · Shell
High · Runtime Package Install · lib/M0000_PackageJson.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · lib/M5000_Code.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License