registry  /  @p-moon/yue-cli  /  0.2.3

@p-moon/yue-cli@0.2.3

CLI tool for mydb.jdfmgt.com — query databases and execute SQL via browser session

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 10 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 178 KB of source, external domains: api.jsf.jd.com, digger.jd.com, hl.taishan.jd.com, intest-manager.jd.com, jagile.jd.com, joybuy.taishan.jd.com, joyspace.jd.com, joywatch.jd.com, mydb.jdfmgt.com, origin.jmq.jd.com, taishan.jd.com, test-intl.taishan.jd.com, test.intest-client.jd.com, test.taishan.jd.com, th.intest-manager.jd.com, th.taishan.jd.com, uk-test.intest-client.jd.com, uk.intest-manager.jd.com, www.google.com

Source & flagged code

2 flagged · loading source
bin/yue.mjsView file
5const __main = new URL('file:///' + join(__dirname, '..', 'dist', 'bin', 'yue.js').replace(/^\//, '')); L6: await import(__main.href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/yue.mjsView on unpkg · L5
dist/bin/yue.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @p-moon/yue-cli@0.1.9 matchedIdentity = npm:QHAtbW9vbi95dWUtY2xp:0.1.9 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/bin/yue.jsView on unpkg

Findings

1 High4 Medium5 Low
HighPrevious Version Dangerous Deltadist/bin/yue.js
MediumDynamic Requirebin/yue.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings