@minimalcorp/tsunagi@0.1.19

Multi-repo GitHub project management with Claude AI integration, designed for visualizing and controlling AI-driven development locally.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell, WebSocket
Supply chain
HighEntropyStrings, Minified
Manifest
NoLicense
scanned 44 file(s), 202 KB of source

Source & flagged code

6 flagged
package.json
scripts.postinstall = node scripts/fix-node-pty-permissions.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

dist/with-plugin.js
L1: #!/usr/bin/env node
L2: import { spawn } from 'node:child_process';
L3: import { cleanupPluginState, ensureCleanPluginState } from './plugin-lifecycle.js';
High
Child Process

Package source references child process execution.

dist/with-plugin.js · L1
L35: stdio: 'inherit',
L36: shell: true,
L37: });
High
Shell

Package source references shell execution.

dist/with-plugin.js · L35
L23: ? 'npm run dev -w @minimalcorp/tsunagi-server'
L24: : 'npm exec --workspace @minimalcorp/tsunagi-server tsx src/index.ts';
L25: const child = spawn('npx', [
L26: 'concurrently',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/with-plugin.js · L23
scripts/monaco-editor.sh
path = scripts/monaco-editor.sh kind = build_helper sizeBytes = 2163 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

.next/standalone/apps/web/.next/static/media/5ce348bf30bf5439-s.0zgw-jeven.3w.woff2
path = .next/standalone/apps/web/.[redacted]-s.0zgw-jeven.3w.woff2 kind = high_entropy_blob sizeBytes = 6204 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.


Findings

5 High · 4 Medium · 4 Low
High · Install Time Lifecycle Scripts · package.json
High · Child Process · dist/with-plugin.js
High · Shell · dist/with-plugin.js
High · Runtime Package Install · dist/with-plugin.js
High · Ships High Entropy Blob · .next/standalone/apps/web/.next/static/media/5ce348bf30bf5439-s.0zgw-jeven.3w.woff2
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · scripts/monaco-editor.sh
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · No License