registry  /  @niyase/plugin-sdk  /  0.2.0

@niyase/plugin-sdk@0.2.0

SDK for building niyase certified plugins

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
WildcardDependency
scanned 24 file(s), 1.04 MB of source, external domains: api.niyase.com, json-schema.org, react.dev, www.npmjs.com, www.w3.org

Source & flagged code

4 flagged · loading source
bin/commands/test.mjsView file
1import { spawnSync } from "node:child_process"; L2:
High
Child Process

Package source references child process execution.

bin/commands/test.mjsView on unpkg · L1
bin/commands/lint.mjsView file
44if (existsSync(join(cwd, "tsconfig.json"))) { L45: const r = spawnSync("npx", ["tsc", "--noEmit"], { L46: cwd,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/commands/lint.mjsView on unpkg · L44
15{ re: /\bfetch\s*\(/, msg: "fetch() は不可。niyase.data / niyase.core を使う" }, L16: { re: /\beval\s*\(/, msg: "eval() は不可" }, L17: { re: /new\s+Function\s*\(/, msg: "new Function() は不可" },
Low
Eval

Package source references a known benign dynamic code generation pattern.

bin/commands/lint.mjsView on unpkg · L15
bin/lib/load-manifest.mjsView file
38}); L39: const mod = await import(pathToFileURL(outfile).href); L40: return mod.manifest ?? mod.default;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/lib/load-manifest.mjsView on unpkg · L38

Findings

3 High5 Medium6 Low
HighChild Processbin/commands/test.mjs
HighShell
HighRuntime Package Installbin/commands/lint.mjs
MediumDynamic Requirebin/lib/load-manifest.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalbin/commands/lint.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings