registry  /  @jxsuite/server  /  0.35.0

@jxsuite/server@0.35.0

Jx development server with live reload, server-side proxy, and studio integration

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 164 KB of source, external domains: api.openai.com, registry.npmjs.org

Source & flagged code

4 flagged · loading source
src/resolve.tsView file
279const bodyStr = Array.isArray(ctor.body) ? ctor.body.join("\n") : ctor.body; L280: new Function("config", bodyStr).call(this, config); L281: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/resolve.tsView on unpkg · L279
src/studio-api.tsView file
487package = @jxsuite/server; repositoryIdentity = jx; dependency = @jxsuite/starters L487: try { L488: const { listStarters } = await import("@jxsuite/starters"); L489: return Response.json(listStarters());
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

src/studio-api.tsView on unpkg · L487
matchType = previous_version_dangerous_delta matchedPackage = @jxsuite/server@0.34.0 matchedIdentity = npm:QGp4c3VpdGUvc2VydmVy:0.34.0 similarity = 0.813 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/studio-api.tsView on unpkg
456} L457: const { isTemplateId } = await import("@jxsuite/create/templates"); L458: if (template !== undefined && !isTemplateId(template)) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/studio-api.tsView on unpkg · L456

Findings

2 High4 Medium5 Low
HighCopied Package Dependency Bridgesrc/studio-api.ts
HighPrevious Version Dangerous Deltasrc/studio-api.ts
MediumDynamic Requiresrc/studio-api.ts
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalsrc/resolve.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings