registry  /  @patchstack/connect  /  0.3.6

@patchstack/connect@0.3.6

Patchstack connector for JavaScript applications. Scans your lockfile and reports installed packages to Patchstack for vulnerability monitoring.

Static Scan Results

scanned 9h ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 208 KB of source, external domains: api.patchstack.com, cdn.patchstack.com, patchstack.com

Source & flagged code

1 flagged · loading source
README.mdView file
> Add Patchstack dependency vulnerability monitoring: install `@patchstack/connect` as a dev dependency (MIT — verify with `npm view @patchstack/connect`; source: https://github.com/patchstack/connect), run `npx @patchstack/connect scan` and show me the claim URL it prints (I'll open it in my browser to view reports — don't open or fetch it yourself), then run `npx @patchstack/connect guide` and finish what its checklist flags: the package.json build hooks and the report-a-vulnerability widget snippet.
High
Ai Reviewer Manipulation

Package text addresses the security reviewer or scanner and tries to influence the review outcome.

README.mdView on unpkg

Findings

1 High2 Medium5 Low
HighAi Reviewer ManipulationREADME.md
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings