registry  /  @origintrail-official/dkg-agent  /  10.0.5

@origintrail-official/dkg-agent@10.0.5

Agent runtime for DKG V10. Provides the `DKGAgent` class — the primary entry point for building agents that participate in the decentralized knowledge network.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 103 file(s), 2.24 MB of source, external domains: dkg.io, dkg.network, dkg.origintrail.io, eips.ethereum.org, example.org, schema.org, www.w3.org

Source & flagged code

3 flagged · loading source
dist/generic-sql-source.jsView file
424const moduleName = 'mssql'; L425: module = await import(moduleName); L426: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/generic-sql-source.jsView on unpkg · L424
dist/dkg-agent-context-graph.jsView file
138package = @origintrail-official/dkg-agent; repositoryIdentity = dkg; dependency = @libp2p/peer-id L138: if (opts.allowedPeers && opts.allowedPeers.length > 0) { L139: const { peerIdFromString } = await import('@libp2p/peer-id'); L140: for (const peer of opts.allowedPeers) {
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/dkg-agent-context-graph.jsView on unpkg · L138
dist/dkg-agent-endorse.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @origintrail-official/dkg-agent@10.0.2 matchedIdentity = npm:[redacted]:10.0.2 similarity = 0.753 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/dkg-agent-endorse.jsView on unpkg

Findings

2 High3 Medium4 Low
HighCopied Package Dependency Bridgedist/dkg-agent-context-graph.js
HighPrevious Version Dangerous Deltadist/dkg-agent-endorse.js
MediumDynamic Requiredist/generic-sql-source.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings