registry  /  @jordanmgsoftware/seo-cli  /  0.4.7

@jordanmgsoftware/seo-cli@0.4.7

SOTA SEO CLI for MG Software projects: crawl, audit, link graph, anti-spam (March 2026), GEO/AEO, programmatic SEO checks, plus dedicated security & privacy audits (HTTP headers, TLS, cookies, dependency vulns, takeover, GDPR/PII). Runs on production URLs

Static Scan Results

scanned 33m ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 5 file(s), 3.61 MB of source, external domains: 0.0.0.0, 127.0.0.1, 169.254.169.254, aanbouw247.nl, amsterdamskinclinic.nl, changelaserclinic.nl, evil.example.com, example.com, example.invalid, fastrenovation.nl, google.serper.dev, laserenskintherapie.nl, llmtxt.info, mgsoftware.nl, multiconcurrent.nl, oauth2.googleapis.com, placeholder.invalid, silkify.nl, skinmiracle.nl, suggestqueries.google.com, thelaserclub.nl, thelaserlabamsterdam.nl, velvyclinics.nl, www.amsterdamskincare.nl, www.bouwfort.nl, www.finelaserclinic.nl, www.googleapis.com, www.gustil.com, www.solarfast.nl, your-site.com

Source & flagged code

3 flagged · loading source
dist/seo-audit.mjsView file
12// src/core/deps-audit.ts L13: import { spawn } from "child_process"; L14: import { promises as fs } from "fs"; ... L48: var PUBLIC_DIRS = ["public", "static", "dist", "build", "out"]; L49: var LOCKFILES = ["package-lock.json", "yarn.lock", "pnpm-lock.yaml", "bun.lock"]; L50: var SCAN_IGNORE_DIRS = /* @__PURE__ */ new Set([ ... L90: ]; L91: var PRIVATE_KEY_VALUE_PATTERNS = [ L92: /^sk_live_[A-Za-z0-9]{20,}$/, ... L143: const args = tool === "bun" ? ["pm", "audit", "--json"] : ["audit", "--json"]; L144: let stdout = ""; L145: let stderr = "";
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/seo-audit.mjsView on unpkg · L12
19753const jiti = createJiti(import.meta.url); L19754: return jiti.import(filepath, { default: true }); L19755: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/seo-audit.mjsView on unpkg · L19753
12// src/core/deps-audit.ts L13: import { spawn } from "child_process"; L14: import { promises as fs } from "fs"; ... L48: var PUBLIC_DIRS = ["public", "static", "dist", "build", "out"]; L49: var LOCKFILES = ["package-lock.json", "yarn.lock", "pnpm-lock.yaml", "bun.lock"]; L50: var SCAN_IGNORE_DIRS = /* @__PURE__ */ new Set([ ... L90: ]; L91: var PRIVATE_KEY_VALUE_PATTERNS = [ L92: /^sk_live_[A-Za-z0-9]{20,}$/, ... L143: const args = tool === "bun" ? ["pm", "audit", "--json"] : ["audit", "--json"]; L144: let stdout = ""; L145: let stderr = "";
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/seo-audit.mjsView on unpkg · L12

Findings

1 High4 Medium7 Low
HighCloud Metadata Accessdist/seo-audit.mjs
MediumDynamic Requiredist/seo-audit.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/seo-audit.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License