registry  /  @opensea/cli  /  1.12.0

@opensea/cli@1.12.0

OpenSea CLI - Query the OpenSea API from the command line or programmatically

Static Scan Results

scanned 8h ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 132 KB of source, external domains: api.opensea.io, api.privy.io, auth.opensea.io, eth.merkle.io, github.com, opensea.io

Source & flagged code

1 flagged · loading source
dist/cli.jsView file
9import { join } from "path"; L10: var AUTH_DIR = join(homedir(), ".opensea"); L11: var AUTH_FILE = join(AUTH_DIR, "auth.json"); ... L25: const data = readFileSync(AUTH_FILE, "utf-8"); L26: return JSON.parse(data); L27: } catch { ... L73: // src/client.ts L74: var DEFAULT_BASE_URL = "https://api.opensea.io"; L75: var DEFAULT_TIMEOUT_MS = 3e4; ... L170: async post(path, body, params) { L171: return this.write("POST", path, body, params); L172: }
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

dist/cli.jsView on unpkg · L9

Findings

1 High2 Medium5 Low
HighCredential Exfiltrationdist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings