registry  /  @sasjs/cli  /  4.18.1

@sasjs/cli@4.18.1

Command line interface for SASjs

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 282 file(s), 2.31 MB of source, external domains: api.agify.io, cli.sasjs.io, core.sasjs.io, example.com, github.com, raw.githubusercontent.com, sasjs.io, server.com, support.sas.com, test.sasjs, www.contributor-covenant.org, www.conventionalcommits.org, www.doxygen.nl

Source & flagged code

6 flagged · loading source
build/commands/create/spec/create.spec.jsView file
60if (!command.includes('npm install')) { L61: return exec(command, { L62: silent: true
High
Child Process

Package source references child process execution.

build/commands/create/spec/create.spec.jsView on unpkg · L60
build/utils/utils.jsView file
92Object.defineProperty(exports, "__esModule", { value: true }); L93: exports.isSasJsServerInServerMode = exports.getNodeModulePath = exports.isSASjsProject = exports.terminateProcess = exports.prefixAppLoc = exports.loadEnvVariables = exports.displa... L94: var shelljs_1 = __importDefault(require("shelljs"));
High
Shell

Package source references shell execution.

build/utils/utils.jsView on unpkg · L92
310(_c = process.logger) === null || _c === void 0 ? void 0 : _c.info('Installing @sasjs/core'); L311: shelljs_1.default.exec("cd \"".concat(folderPath, "\" && npm i @sasjs/core --save"), { L312: silent: true
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

build/utils/utils.jsView on unpkg · L310
build/commands/add/spec/addTarget.spec.jsView file
237patternName = generic_password severity = medium line = 237 matchedText = password...ord'
Medium
Secret Pattern

Hardcoded password in build/commands/add/spec/addTarget.spec.js

build/commands/add/spec/addTarget.spec.jsView on unpkg · L237
359patternName = generic_password severity = medium line = 359 matchedText = password...ord'
Medium
Secret Pattern

Hardcoded password in build/commands/add/spec/addTarget.spec.js

build/commands/add/spec/addTarget.spec.jsView on unpkg · L359
build/commands/job/spec/jobCommand.spec.jsView file
114patternName = generic_password severity = medium line = 114 matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in build/commands/job/spec/jobCommand.spec.js

build/commands/job/spec/jobCommand.spec.jsView on unpkg · L114

Findings

3 High6 Medium5 Low
HighChild Processbuild/commands/create/spec/create.spec.js
HighShellbuild/utils/utils.js
HighRuntime Package Installbuild/utils/utils.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patternbuild/commands/add/spec/addTarget.spec.js
MediumSecret Patternbuild/commands/add/spec/addTarget.spec.js
MediumSecret Patternbuild/commands/job/spec/jobCommand.spec.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings