@remnic/core@9.3.677

Framework-agnostic Remnic memory engine — orchestrator, storage, extraction, search, trust zones

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, NativeBindings, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 1,228 file(s), 17.1 MB of source, external domains: 127.0.0.1, ampcode.com, anthropic.example, api.anthropic.com, api.github.com, api.notion.com, api.openai.com, claude.ai, codex.example, configured-anthropic.example, cursor.com, daemon.example, example.com, example.invalid, example.test, github.com, gmail.googleapis.com, internal.example.test, legacy-codex.example, materialized-claude-cli.example, materialized.example, merchant.example, notion.so, oauth2.googleapis.com, ollama.example, omp.sh, openai.com, openai.example, opik-active.example, pi.dev, prior.example, raw.example, raw.githubusercontent.com, replit.com, responses.example, roocode.com, runtime.example, tickets.example.com, upstream.example, vendor.example.com, windsurf.com

Source & flagged code

7 flagged
package.json
scripts.postinstall = node ./scripts/ensure-better-sqlite3.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

dist/chunk-TQNRI55H.js
L432: try {
L433:   mod = await import(
L434:     /* @vite-ignore */
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/surfaces/dreams.js
L32: title,
L33: body: normalizeBody(params.body),
L34: tags: params.tags,
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-7HYPN2GC.js
L32: function resolvePlatform(options) {
L33:   return options?.platform ?? process.platform;
L34: }
L35: function resolveMigrationHome(options) {
L36:   return options?.homeDir ?? resolveHomeDir();
L37: }
...
L50: if (result.status !== 0) {
L51:   const reason = result.status === null ? `signal ${result.signal ?? "unknown"}` : `exit code ${result.status}`;
L52:   throw new Error(`migration command failed: ${command} ${args.join(" ")} (${reason})`);
...
L380: try {
L381:   raw = JSON.parse(await readFile(filePath, "utf8"));
L382: } catch {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

scripts/faiss_index.py
path = scripts/faiss_index.py kind = build_helper sizeBytes = 31898 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/index.js
matchType = previous_version_dangerous_delta matchedPackage = @remnic/core@9.3.676 matchedIdentity = npm:QHJlbW5pYy9jb3Jl:9.3.676 similarity = 0.942 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/session-summaries/session-summaries.test.ts
L1292: patternName = generic_password severity = medium line = 1292 matchedText = content:...t.',
Medium
Secret Pattern

Hardcoded password in src/session-summaries/session-summaries.test.ts

Findings

2 High · 7 Medium · 5 Low
High · Install Time Lifecycle Scripts · package.json
High · Previous Version Dangerous Delta · dist/index.js
Medium · Dynamic Require · dist/chunk-TQNRI55H.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/chunk-7HYPN2GC.js
Medium · Ships Build Helper · scripts/faiss_index.py
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · src/session-summaries/session-summaries.test.ts
Low · Scripts Present
Low · Weak Crypto · dist/surfaces/dreams.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings