@plumbus/core@0.6.3

Plumbus framework core — types, SDK, runtime, CLI, test utilities

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 201 file(s), 941 KB of source, external domains: api.anthropic.com, api.openai.com, biomejs.dev, github.com, schemas.microsoft.com, schemas.xmlsoap.org, www.w3.org

Source & flagged code

4 flagged
dist/config/loader.js
L30: patternName = generic_password severity = medium line = 30 matchedText = password...es',
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/config/loader.js · L30
dist/cli/commands/test.js
L4: // Use --all to run both unit and e2e tests.
L5: import { execFileSync } from 'node:child_process';
L6: import { createRequire } from 'node:module';
High
Child Process

Package source references child process execution.

dist/cli/commands/test.js · L4
dist/runtime/load-extensions.js
L8: try {
L9: const req = createRequire(import.meta.url);
L10: const tsxPath = req.resolve('tsx/esm/api');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/runtime/load-extensions.js · L8
dist/cli/commands/e2e.js
L88: info(`Starting frontend dev server on port ${port}...`);
L89: serverProcess = spawn('npx', ['next', 'dev', '--port', port], {
L90: cwd: frontendDir,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli/commands/e2e.js · L88

Findings

3 High · 5 Medium · 5 Low
High · Child Process · dist/cli/commands/test.js
High · Shell
High · Runtime Package Install · dist/cli/commands/e2e.js
Medium · Secret Pattern · dist/config/loader.js
Medium · Dynamic Require · dist/runtime/load-extensions.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings