registry  /  @lvce-editor/test-with-playwright-worker  /  22.2.0

@lvce-editor/test-with-playwright-worker@22.2.0

Worker package for test-with-playwright

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 49.2 KB of source

Source & flagged code

2 flagged · loading source
dist/workerMain.jsView file
1008package = @lvce-editor/test-with-playwright-worker; repositoryIdentity = test-with-playwright; dependency = @playwright/test L1008: expect L1009: } = await import('@playwright/test'); L1010: await withTimeout(testModule.test({
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/workerMain.jsView on unpkg · L1008
9L10: const require$1 = createRequire(import.meta.url); L11: const before = ` _onWebSocketOpened(event) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/workerMain.jsView on unpkg · L9

Findings

1 High3 Medium1 Low
HighCopied Package Dependency Bridgedist/workerMain.js
MediumDynamic Requiredist/workerMain.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem