@joohw/boss-cli@0.6.0

Boss直聘 automation CLI: bulk messaging, automatic greetings, candidate management, deep search. Drives the local Chrome via Puppeteer/CDP and supports AI Agent orchestration.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: CopyleftLicense
scanned 38 file(s), 299 KB of source, external domains: 127.0.0.1, aip.baidubce.com, github.com, img.bosszhipin.com, registry.npmjs.org, static.zhipin.com, www.w3.org, www.zhipin.com

Source & flagged code

3 flagged
dist/cli/version.js
L1: import { spawn } from 'node:child_process';
L2: import { existsSync, readFileSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/cli/version.js · L1
L159: const args = ['install', '-g', `${name}@latest`];
L160: console.error(`[boss-cli] 正在执行:npm install -g ${name}@latest`);
L161: const code = await new Promise((resolve, reject) => {
L162:     const child = spawn(npmCommand, args, {
L163:         shell: process.platform === 'win32',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli/version.js · L159
dist/browser/cdp_browser.js
L1: import { spawn } from 'node:child_process';
L2: import { existsSync } from 'node:fs';
...
L6: import { BROWSER_USER_DATA_DIR, ensureAppDataLayout } from '../config.js';
L7: /** Consistent with @puppeteer/browsers: parses the CDP WebSocket URL from the Chrome startup log (may be on stdout or stderr). */
L8: const CDP_WEBSOCKET_ENDPOINT_REGEX = /^DevTools listening on (ws:\/\/.*)$/;
...
L15: export const REMOTE_DEBUGGING_PORT = (() => {
L16:     const raw = process.env.BOSS_BROWSER_REMOTE_DEBUGGING_PORT?.trim();
L17:     if (raw) {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/browser/cdp_browser.js · L1

Findings

4 High, 3 Medium, 6 Low
High · Child Process · dist/cli/version.js
High · Shell
High · Same File Env Network Execution · dist/browser/cdp_browser.js
High · Runtime Package Install · dist/cli/version.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · Copyleft License