registry  /  @puzzmo/cli  /  1.0.55

@puzzmo/cli@1.0.55

Command-line tool for Puzzmo game developers. Authenticate, upload game builds, and create new game projects.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicenseWildcardDependency
scanned 69 file(s), 295 KB of source, external domains: api.puzzmo.com, dev-dj9e.onrender.com

Source & flagged code

3 flagged · loading source
lib/util/exec.jsView file
1import { execSync } from "node:child_process"; L2: /** Runs a shell command, printing output */
High
Child Process

Package source references child process execution.

lib/util/exec.jsView on unpkg · L1
26try { L27: execSync("npx vite build", { cwd, encoding: "utf-8", stdio: "pipe" }); L28: return { success: true };
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/util/exec.jsView on unpkg · L26
src/commands/upload.tsView file
393const scriptRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi L394: let match: RegExpExecArray | null L395: while ((match = scriptRe.exec(html)) !== null) {
High
Shell

Package source references shell execution.

src/commands/upload.tsView on unpkg · L393

Findings

3 High4 Medium5 Low
HighChild Processlib/util/exec.js
HighShellsrc/commands/upload.ts
HighRuntime Package Installlib/util/exec.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License