@reddb-io/cli@1.21.0

CLI launcher for RedDB. The JS/TS app driver is published as @reddb-io/sdk.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 22 file(s), 122 KB of source, external domains: github.com, raw.githubusercontent.com

Source & flagged code

2 flagged
package.json
scripts.postinstall = node drivers/js/cli-postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

drivers/js/cli-postinstall.js
L25: import { existsSync, mkdirSync, writeFileSync, chmodSync } from 'node:fs'
L26: import { execSync } from 'node:child_process'
L27: ...
L32: const require = createRequire(import.meta.url)
L33: // CLI manifest lives at the repo root (../../package.json), and that is the
L34: // `@reddb-io/cli` package — not the SDK manifest next to this file.
...
L38:
L39: if (process.env.REDDB_SKIP_POSTINSTALL === '1') {
L40:   process.stdout.write('reddb-cli: postinstall skipped (REDDB_SKIP_POSTINSTALL=1)\n')
L41:   process.exit(0)
...
L72: return (
L73:   `reddb-cli: no prebuilt red binary for ${process.platform}/${process.arch}.\n` +
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

drivers/js/cli-postinstall.js · L25

Findings

2 High · 3 Medium · 4 Low
High: Install Time Lifecycle Scripts (package.json)
High: Sandbox Evasion Gated Capability (drivers/js/cli-postinstall.js)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings