registry  /  @postmortem-cli/mort  /  1.0.1

@postmortem-cli/mort@1.0.1

postmortem ☠ — AI-powered ops intelligence for developers

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 116 KB of source, external domains: acme.app, acme.vercel.app, api.github.com, api.vercel.com, fonts.googleapis.com, fonts.gstatic.com, github.com, ollama.ai

Source & flagged code

1 flagged · loading source
dist/index.jsView file
12function expandTilde(p) { L13: if (p === "~") return homedir(); L14: if (p.startsWith("~/") || p.startsWith("~\\")) { ... L19: function rootDir() { L20: const override = process.env.POSTMORTEM_HOME; L21: if (override && override.length > 0) { ... L123: function println(text = "") { L124: process.stdout.write(`${text} L125: `); ... L255: { L256: label: "private-key-block", L257: pattern: /-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----[\s\S]*?-----END (?:[A-Z ]+ )?PRIVATE KEY-----/g,
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/index.jsView on unpkg · L12

Findings

1 High3 Medium5 Low
HighCloud Metadata Accessdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings