
@saluzi/saluzi-edu@0.1.80

Saluzi CLI - interactive AI coding assistant in the terminal

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence (public snapshot)

Behavioral surface (source): ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell, WebSocket
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: no manifest risk signals triggered.
Scanned 7 file(s), 329 KB of source. External domains: 127.0.0.1, api.anthropic.com, docs.anthropic.com, docs.expo.dev, ghproxy.net, github.com, platform.claude.com

Oversized source lightweight scan
dist/cli.js: 14.7 MB file, sampled 256 KB (under 2% of the file).
  Signals in the sample: Filesystem, ChildProcess, EnvironmentVars, HighEntropyStrings, Minified, UrlStrings
  Domains in the sample: 127.0.0.1, api.anthropic.com, docs.anthropic.com, docs.expo.dev, github.com, platform.claude.com

Note that ghproxy.net appears in the full-source domain list but not in the sampled portion of dist/cli.js, and that the sample-only signals for dist/cli.js say nothing about the other 98% of that file.

Source & flagged code

9 flagged

package.json
  scripts.postinstall = node scripts/postinstall.cjs

High · Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts. The postinstall hook runs with the installing user's privileges on every npm install that does not pass --ignore-scripts, before any of the package's own code is reviewed or executed by the user.

Medium · Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
scripts/postinstall.cjs
Evidence: the manifest entrypoint (scripts.postinstall) carries capability families absent from the dist/build output: environment+network, execution+network. The excerpt below (L23-L191 of the file) is the evidence for all three findings that follow.

  L23: } = require('fs')
  L24: const { spawnSync } = require('child_process')
  L25: const { setDefaultResultOrder } = require('node:dns')
  L26: const path = require('path')
  ...
  L41: const RELEASE_BASE = (
  L42:   process.env.RIPGREP_DOWNLOAD_BASE ?? DEFAULT_RELEASE_BASE
  L43: ).replace(/\/$/, '')
  ...
  L50: function getPlatformMapping() {
  L51:   const arch = process.arch
  L52:   const platform = process.platform
  ...
  L190: }
  L191: return Buffer.from(await response.arrayBuffer())

High · Entrypoint Build Divergence (scripts/postinstall.cjs, L23)
Manifest entrypoint contains risky behavior absent from dist/build output. The excerpt shows the install script importing child_process and node:dns and reading process.env (L23-L26, L42); the scanner reports the environment+network and execution+network combinations as absent from the dist/build output.

High · Sandbox Evasion Gated Capability (scripts/postinstall.cjs, L23)
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. In the excerpt the only visible gate is getPlatformMapping() reading process.arch and process.platform (L50-L52). What that mapping selects, and whether any CI, time, or geo check exists, is not shown in the sampled lines, so this finding cannot be confirmed or dismissed without the full file.

High · Install Named Payload File (scripts/postinstall.cjs, L23)
Install-named source file stages remote content through filesystem writes and execution. The excerpt shows the download origin built from RIPGREP_DOWNLOAD_BASE when that environment variable is set, falling back to DEFAULT_RELEASE_BASE (L41-L43), and the fetched response body returned as a Buffer (L191); fs and spawnSync are imported (L23-L24). Whether the download is integrity-checked before it is written to disk or executed is not visible in the excerpt and is the first thing a reviewer should confirm.
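The three postinstall findings above are the kind of signal that can be reproduced with a short static check before a package is installed. The following Node script is an added example, not the registry scanner's code and not code from the @saluzi/saluzi-edu package: it lists install-time lifecycle scripts from a package.json, resolves the file a "node <file>" hook runs, tags that file and the dist entrypoint with capability families, and reports the families the install script has that the dist entrypoint lacks (the divergence the scanner flags). The manifest, the file contents, the environment variable name TOOL_DOWNLOAD_BASE and the family regexes are all constructed for the demonstration and are heuristics, not the scanner's rules.

```javascript
// Added example: a static check that reproduces the manifest-level signals
// above (install-time lifecycle scripts, capability families, and the
// divergence between the install script and the dist entrypoint). This is
// not the registry scanner's code and not code from @saluzi/saluzi-edu;
// the manifest, file contents and regexes below are constructed for the demo.

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Capability families keyed to common Node idioms. A match only proves the
// API is referenced, never that it is misused; that judgement stays manual.
const FAMILIES = {
  execution:   /\b(child_process|spawnSync|spawn|execSync|execFileSync|execFile)\b/,
  network:     /\bfetch\s*\(|\bhttps?\.(get|request)\b|require\(['"](node:)?(http|https|net|dns)['"]\)/,
  environment: /\bprocess\.env\b/,
  filesystem:  /require\(['"](node:)?fs['"]\)|\b(writeFileSync|writeFile|createWriteStream|chmodSync)\b/,
  gating:      /\bprocess\.(platform|arch)\b|\bprocess\.env\.(CI|GITHUB_ACTIONS|CODESPACES)\b/,
};

// Lifecycle hooks npm runs during `npm install` (unless --ignore-scripts).
function lifecycleScripts(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook], file: scriptFile(scripts[hook]) }));
}

// Resolve a `node <file> [args]` command to the file it runs. Anything else
// (shell pipelines, npx, curl) yields null and must be reviewed by hand.
function scriptFile(command) {
  const m = /^node\s+(\S+)(\s.*)?$/.exec(command.trim());
  return m ? m[1] : null;
}

function capabilities(source) {
  return Object.keys(FAMILIES).filter((family) => FAMILIES[family].test(source));
}

// Environment variables the source reads, e.g. an overridable download base,
// which decides where install-time content is fetched from.
function envVarsRead(source) {
  return [...new Set([...source.matchAll(/process\.env\.([A-Za-z0-9_]+)/g)].map((m) => m[1]))];
}

function distEntrypoints(manifest) {
  const bin = manifest.bin;
  const binPaths = typeof bin === 'string' ? [bin] : Object.values(bin || {});
  return [...new Set([manifest.main, ...binPaths].filter(Boolean))];
}

// Compare each install script against the union of the dist entrypoints'
// families; families present only at install time are the "divergence".
function scanPackage(manifest, files) {
  const distCaps = new Set();
  for (const entry of distEntrypoints(manifest)) {
    for (const family of capabilities(files[entry] || '')) distCaps.add(family);
  }
  const installScripts = lifecycleScripts(manifest).map((script) => {
    const source = script.file !== null ? files[script.file] || '' : '';
    const caps = capabilities(source);
    return {
      ...script,
      capabilities: caps,
      envVars: envVarsRead(source),
      divergence: caps.filter((family) => !distCaps.has(family)),
      // Unresolvable command or missing file: the scanner cannot vouch for it.
      needsManualReview: script.file === null || !(script.file in files),
    };
  });
  return { distCapabilities: [...distCaps], installScripts };
}

// Constructed inputs (not the real package): the postinstall mirrors the shape
// of the excerpt above; the dist entrypoint only touches the filesystem.
const SAMPLE_MANIFEST = {
  name: 'example-cli',
  version: '0.0.1',
  bin: { 'example-cli': 'dist/cli.js' },
  scripts: { postinstall: 'node scripts/postinstall.cjs', test: 'node test.js' },
};

const SAMPLE_FILES = {
  'scripts/postinstall.cjs': `
const { writeFileSync, chmodSync } = require('fs')
const { spawnSync } = require('child_process')
const RELEASE_BASE = (process.env.TOOL_DOWNLOAD_BASE ?? 'https://example.invalid/releases').replace(/\\/$/, '')
function getPlatformMapping() { return process.platform + '-' + process.arch }
async function download(url) { const r = await fetch(url); return Buffer.from(await r.arrayBuffer()) }
`,
  'dist/cli.js': `
const fs = require('fs')
fs.writeFileSync('out.txt', 'hello')
`,
};

const REPORT = scanPackage(SAMPLE_MANIFEST, SAMPLE_FILES);
console.log(JSON.stringify(REPORT, null, 2));
```

On the constructed input the postinstall script carries execution, network, environment and gating that the dist entrypoint does not, and reads TOOL_DOWNLOAD_BASE; that is the same shape as the divergence and environment-controlled download base visible in the real excerpt. A hook whose command is not a plain "node <file>" is marked for manual review rather than silently passed, which is the right default for an install-time check.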
dist/vendor/audio-capture/x64-darwin/audio-capture.node
  path = dist/vendor/audio-capture/x64-darwin/audio-capture.node  kind = native_binary  sizeBytes = 439076  magicHex = [redacted]

Medium · Ships Native Binary
Package ships native binary artifacts. The static scan records only the kind, size and magic bytes of this .node addon, so its provenance (which build produced it) has to be checked separately from the JavaScript findings.

dist/tree-sitter.wasm
  path = dist/tree-sitter.wasm  kind = wasm_module  sizeBytes = 205488  magicHex = [redacted]

Medium · Ships Wasm Module
Package ships WebAssembly modules.

dist/cli.js
  path = dist/cli.js  kind = oversized_source_file  sizeBytes = 15457557  magicHex = [redacted]

High · Oversized Source File
Package contains source files above the static scanner size ceiling. Only a 256 KB sample of this 14.7 MB file was analysed (see the lightweight scan above), so a signal missing from dist/cli.js is not evidence that it is absent from the file.

  path = dist/cli.js  kind = oversized_cli_entrypoint  sizeBytes = 15457557  magicHex = [redacted]

Medium · Oversized Cli Entrypoint
Package contains an oversized executable-looking CLI entrypoint.

Findings

5 High, 7 Medium, 5 Low (17 total)

High
  Install Time Lifecycle Scripts (package.json)
  Entrypoint Build Divergence (scripts/postinstall.cjs)
  Sandbox Evasion Gated Capability (scripts/postinstall.cjs)
  Install Named Payload File (scripts/postinstall.cjs)
  Oversized Source File (dist/cli.js)

Medium
  Ambiguous Install Lifecycle Script (package.json)
  Network
  Environment Vars
  Ships Native Binary (dist/vendor/audio-capture/x64-darwin/audio-capture.node)
  Ships Wasm Module (dist/tree-sitter.wasm)
  Oversized Cli Entrypoint (dist/cli.js)
  Structural Risk Force Deep Review

Low
  Non Install Lifecycle Scripts
  Scripts Present
  Filesystem
  High Entropy Strings
  Url Strings