@nebusec/vega@0.1.1

Vega security scanner CLI — run scans and query findings from the command line.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess
Supply chain: UrlStrings
Manifest: NoLicense
scanned 1 file(s), 1.43 KB of source, external domains: raw.githubusercontent.com

Source & flagged code

1 flagged
bin/vega.js
L2: "use strict";
L3: const { spawnSync } = require("node:child_process");
L4: ...
L8: const SUPPORTED = Object.keys(
L9:   require("../package.json").optionalDependencies || {}
L10: ).map((name) => name.slice(PKG_PREFIX.length));
L11:
L12: const key = `${process.platform}-${process.arch}`;
L13: const pkg = PKG_PREFIX + key;
...
L18: } catch {
L19:   process.stderr.write(
L20:     SUPPORTED.includes(key)
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/vega.js · L2

Findings

1 High · 2 Low
High · Sandbox Evasion Gated Capability · bin/vega.js
Low · Url Strings
Low · No License