registry  /  @jaggerxtrm/pi-extensions  /  0.9.5

@jaggerxtrm/pi-extensions@0.9.5

Unified Pi extension entrypoint for xtrm-managed extensions

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 47 file(s), 206 KB of source, external domains: chat.qwen.ai, dashscope.aliyuncs.com, github.com

Source & flagged code

1 flagged · loading source
extensions/xtrm-ui/index.tsView file
175const componentPath = join(dirname(entryPath), "modes", "interactive", "components", "assistant-message.js"); L176: const mod = await import(pathToFileURL(componentPath).href) as { L177: AssistantMessageComponent?: AssistantMessageComponentCtor;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

extensions/xtrm-ui/index.tsView on unpkg · L175

Findings

4 Medium5 Low
MediumDynamic Requireextensions/xtrm-ui/index.ts
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings