registry  /  @punica/editor  /  1.3.2

@punica/editor@1.3.2

⚠ Under review

Punica Editor

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedTrivial
Manifest
NoLicenseWildcardDependency
scanned 2 file(s), 1.36 MB of source

Source & flagged code

3 flagged · loading source
dist/index.bundle.umd.jsView file
1!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globa... L2: /* webpackIgnore: true */"child_process"),t=globalThis,n=t.process?.env??{};this.#In=e.spawn(this.#wn,this.#vn,{env:{...n,...this.#kn},stdio:["pipe","pipe","inherit"]}),this.#In.st...
High
Child Process

Package source references child process execution.

dist/index.bundle.umd.jsView on unpkg · L1
1!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globa... L2: /* webpackIgnore: true */"child_process"),t=globalThis,n=t.process?.env??{};this.#In=e.spawn(this.#wn,this.#vn,{env:{...n,...this.#kn},stdio:["pipe","pipe","inherit"]}),this.#In.st...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.bundle.umd.jsView on unpkg · L1
dist/index.bundle.esm.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @punica/editor@1.1.0 matchedIdentity = npm:QHB1bmljYS9lZGl0b3I:1.1.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.bundle.esm.jsView on unpkg

Findings

1 Critical2 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/index.bundle.esm.js
HighChild Processdist/index.bundle.umd.js
HighCommand Output Exfiltrationdist/index.bundle.umd.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License
@punica/editor@1.3.2: Suspicious npm security report (Warn) | LPM Firewall