@ndnci/codabra@0.1.8

Codabra CLI — generate and orchestrate applications from config files

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: NoLicense
scanned 7 file(s), 116 KB of source, external domains: docs.docker.com, get.docker.com, json-schema.org, registry.npmjs.org, turbo.build

Source & flagged code

3 flagged
dist/chunk-2BUCWWFO.js
L16: // src/commands/db.ts
L17: import { execSync } from "child_process";
L18: import * as fs2 from "fs";
High
Child Process

Package source references child process execution.

dist/chunk-2BUCWWFO.js · L16
dist/index.js
L77: stdio: "inherit",
L78: shell: true
L79: });
High
Shell

Package source references shell execution.

dist/index.js · L77
dist/chunk-PN6UGJ7Q.js
L1754: // ../providers/dist/index.js
L1755: import { execSync } from "child_process";
L1756: var NextjsProviderV16 = class {
...
L1758: label = "Next.js 16 (App Router)";
L1759: initCommand = 'npx create-next-app@16.2.3 . --typescript --eslint --tailwind --app --src-dir --import-alias "@/*" --yes';
L1760: async generate(config, appDir, options) {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/chunk-PN6UGJ7Q.js · L1754

Findings

3 High · 3 Medium · 5 Low
High · Child Process · dist/chunk-2BUCWWFO.js
High · Shell · dist/index.js
High · Runtime Package Install · dist/chunk-PN6UGJ7Q.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License