registry  /  @nexaloid/nexaloid  /  0.1.22

@nexaloid/nexaloid@0.1.22

Chinese tokenizer runtime

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
DynamicRequireEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 4.19 KB of source

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.install = node scripts/check-prebuild.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.jsView file
1const path = require("node:path"); L2: const fs = require("node:fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index.jsView on unpkg · L1
prebuilds/windows-x64/nexaloid.dllView file
path = prebuilds/windows-x64/nexaloid.dll kind = native_binary sizeBytes = 363520 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

prebuilds/windows-x64/nexaloid.dllView on unpkg
binding.gypView file
path = binding.gyp kind = build_helper sizeBytes = 753 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

binding.gypView on unpkg

Findings

1 High5 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requireindex.js
MediumEnvironment Vars
MediumShips Native Binaryprebuilds/windows-x64/nexaloid.dll
MediumShips Build Helperbinding.gyp
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem