@open-keystone/adapter-prisma@4.0.39

KeystoneJS Prisma Database Adapter

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 25.1 KB of source

Source & flagged code

3 flagged
lib/adapter-prisma.js
    3: const crypto = require('crypto');
    4: const { execSync } = require('child_process');
    5: const cuid = require('cuid');
High
Child Process

Package source references child process execution.

lib/adapter-prisma.js · L3
    73: _runPrismaCmd(cmd) {
    74:   // speed up npx command
    75:   const localBin = path.join(__dirname, '../node_modules/.bin/prisma');
    ...
    83:
    84:   return execSync(`${bin} ${cmd} --schema ${this.schemaPath}`, {
    85:     env: { ...process.env, DATABASE_URL: this._url() },
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/adapter-prisma.js · L73
index.js
    1: const { PrismaAdapter, PrismaListAdapter, PrismaFieldAdapter } = require('./lib/adapter-prisma');
    2:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index.js · L1

Findings

2 High · 3 Medium · 2 Low
High · Child Process · lib/adapter-prisma.js
High · Runtime Package Install · lib/adapter-prisma.js
Medium · Dynamic Require · index.js
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Filesystem
Low · High Entropy Strings