registry  /  @lineman-io/plugin  /  2.9.19

@lineman-io/plugin@2.9.19

Lineman MCP server — AI-powered code intelligence for Claude Code

Static Scan Results

scanned 12d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 92 file(s), 590 KB of source, external domains: api-app-staging.lineman.io, api-app.lineman.io, api-data-staging.lineman.io, api-data.lineman.io, api.lineman.io, auth.lineman.io, disabled.invalid, lineman.io, nodejs.org
Oversized source lightweight scan
dist/main.js2.09 MB file, sampled 256 KB
NetworkDynamicRequireObfuscatedHighEntropyStringsMinifiedUrlStringsauth.lineman.iodisabled.invalid

Source & flagged code

4 flagged · loading source
start.mjsView file
33// be a file:// URL. pathToFileURL is a no-op-equivalent on POSIX. L34: await import(pathToFileURL(resolve(__dirname, "dist", "main.js")).href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

start.mjsView on unpkg · L33
hooks/core/tier3-transport.mjsView file
1import{createHash as e}from"node:crypto";import{platform as r}from"node:os";export function tier3TransportTarget(t){return"win32"===r()?`\\\\.\\pipe\\lineman-tier3-${e("sha1").upda...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

hooks/core/tier3-transport.mjsView on unpkg · L1
dist/main.jsView file
path = dist/main.js kind = oversized_source_file sizeBytes = 2196233 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/main.jsView on unpkg
path = dist/main.js kind = oversized_cli_entrypoint sizeBytes = 2196233 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/main.jsView on unpkg

Findings

2 High5 Medium6 Low
HighObfuscated
HighOversized Source Filedist/main.js
MediumDynamic Requirestart.mjs
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/main.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptohooks/core/tier3-transport.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License