@sailoud/smp@2.1.25

Sailoud MicroProgram

Static Scan Results

scanned 13h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, NativeBindings, Network, Shell, WebSocket
Supply chain: HighEntropyStrings, Minified, Obfuscated, Protestware, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 9 file(s), 1.02 MB of source, external domains: feross.org, foo.com, github.com, registry.npmjs.org, www.vikacg.com

Source & flagged code

5 flagged
bin/smp.mjs
L1: #!/usr/bin/env node
L2: import{defineCommand as ne,runMain as ie}from"citty";import{consola as s}from"consola";import f from"shelljs";import{spawn as se}from"node:child_process";import{createRequire as ae...
L3: `)}).finally(()=>{t.delete(a)});t.add(a)}}async function Ee(e,t){if(e.jsonrpc!=="2.0")throw new b(-32600,"Invalid Request: jsonrpc must be 2.0");switch(e.method){case"initialize":r...

High
Child Process

Package source references child process execution.

bin/smp.mjs · L1

High
Shell

Package source references shell execution.

bin/smp.mjs · L1

High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/smp.mjs · L1

High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/smp.mjs · L1

High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/smp.mjs · L1

Findings

5 High · 4 Medium · 5 Low
High · Child Process · bin/smp.mjs
High · Shell · bin/smp.mjs
High · Same File Env Network Execution · bin/smp.mjs
High · Command Output Exfiltration · bin/smp.mjs
High · Runtime Package Install · bin/smp.mjs
Medium · Network
Medium · Environment Vars
Medium · Protestware
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings