registry  /  @livx.cc/appwrap  /  0.42.2

@livx.cc/appwrap@0.42.2

Wrap any PWA into a native app with native capabilities (appwrap runtime + @livx.cc/native-kit).

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 57 file(s), 590 KB of source, external domains: app.example.com, appwrap.local, www.apple.com

Source & flagged code

3 flagged · loading source
src/cli.tsView file
10*/ L11: import { execFileSync, spawn } from 'child_process'; L12: import { cpSync, existsSync, mkdirSync, openSync, closeSync, readdirSync, readFileSync, readSync, rmSync, statSync, writeFileSync, writeSync } from 'fs';
High
Child Process

Package source references child process execution.

src/cli.tsView on unpkg · L10
1789if (!existsSync(join(outDir, 'node_modules'))) { L1790: console.log(`▶ bun install (cwd: ${outDir})`); L1791: execFileSync('bun', ['install'], { cwd: outDir, stdio: 'inherit', env }); L1792: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/cli.tsView on unpkg · L1789
runtime/app/shell/handlers-extended.tsView file
187// ── secure storage (Keychain/Keystore via @nativescript/secure-storage) ── L188: const secure = new (require('@nativescript/secure-storage').SecureStorage)(); L189: bridge.register('storage.secure.get', async ({ key }: { key: string }) =>
Medium
Dynamic Require

Package source references dynamic require/import behavior.

runtime/app/shell/handlers-extended.tsView on unpkg · L187

Findings

3 High3 Medium4 Low
HighChild Processsrc/cli.ts
HighShell
HighRuntime Package Installsrc/cli.ts
MediumDynamic Requireruntime/app/shell/handlers-extended.ts
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings