registry  /  @looop-games/cli  /  0.1.16

@looop-games/cli@0.1.16

Looop game development CLI — dev server, login, and publishing for standalone Looop games.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 25 file(s), 159 KB of source, external domains: play.looop.games, www.partykit.io

Source & flagged code

2 flagged · loading source
lib/lint.mjsView file
31try { L32: const req = createRequire(join(projectDir, 'package.json')); L33: const mod = await import(pathToFileURL(req.resolve('eslint')).href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/lint.mjsView on unpkg · L31
lib/dev.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @looop-games/cli@0.1.15 matchedIdentity = npm:QGxvb29wLWdhbWVzL2NsaQ:0.1.15 similarity = 0.792 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/dev.mjsView on unpkg

Findings

1 High3 Medium4 Low
HighPrevious Version Dangerous Deltalib/dev.mjs
MediumDynamic Requirelib/lint.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings