registry  /  @reldens/cms  /  0.74.0

@reldens/cms@0.74.0

Reldens - CMS

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 69 file(s), 397 KB of source, external domains: www.googletagmanager.com

Source & flagged code

7 flagged · loading source
bin/reldens-cms-update-password.jsView file
165patternName = generic_password severity = medium line = 165 matchedText = rl.quest...=> {
Medium
Secret Pattern

Package contains a possible secret pattern.

bin/reldens-cms-update-password.jsView on unpkg · L165
166patternName = generic_password severity = medium line = 166 matchedText = rl.quest...=> {
Medium
Secret Pattern

Hardcoded password in bin/reldens-cms-update-password.js

bin/reldens-cms-update-password.jsView on unpkg · L166
215patternName = generic_password severity = medium line = 215 matchedText = Logger.e...ge);
Medium
Secret Pattern

Hardcoded password in bin/reldens-cms-update-password.js

bin/reldens-cms-update-password.jsView on unpkg · L215
bin/reldens-cms.jsView file
51Logger.info('Installing packages: npm install '+packages.join(' ')); L52: let {execSync} = require('child_process'); L53: execSync('npm install '+packages.join(' '), {stdio: 'inherit', cwd: projectRoot});
High
Child Process

Package source references child process execution.

bin/reldens-cms.jsView on unpkg · L51
50try { L51: Logger.info('Installing packages: npm install '+packages.join(' ')); L52: let {execSync} = require('child_process'); L53: execSync('npm install '+packages.join(' '), {stdio: 'inherit', cwd: projectRoot});
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/reldens-cms.jsView on unpkg · L50
bin/reldens-cms-generate-entities.jsView file
8L9: const { Manager } = require('../index'); L10: const { PrismaClientLoader } = require('@reldens/storage');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/reldens-cms-generate-entities.jsView on unpkg · L8
.claude/password-management-guide.mdView file
159patternName = generic_password severity = medium line = 159 matchedText = SET pass...ash'
Medium
Secret Pattern

Hardcoded password in .claude/password-management-guide.md

.claude/password-management-guide.mdView on unpkg · L159

Findings

3 High8 Medium3 Low
HighChild Processbin/reldens-cms.js
HighShell
HighRuntime Package Installbin/reldens-cms.js
MediumSecret Patternbin/reldens-cms-update-password.js
MediumDynamic Requirebin/reldens-cms-generate-entities.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patternbin/reldens-cms-update-password.js
MediumSecret Patternbin/reldens-cms-update-password.js
MediumSecret Pattern.claude/password-management-guide.md
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings