Static Scan Results
scanned 2d ago · by rust-scanner
Static analysis completed at 93.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.
Static reason
No blocking static signals were detected; previous stored version diff introduced dangerous source.
Decision evidence
public snapshot
Behavioral surface
ChildProcess · Crypto · EnvironmentVars · Filesystem · Network · HighEntropyStrings · UrlStrings
Source & flagged code
2 flagged · bin/llm-coding-bridge.js
matchType = previous_version_dangerous_delta
matchedPackage = @sevoniva/llm-coding-bridge@0.1.7
matchedIdentity = npm:[redacted]:0.1.7
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/llm-coding-bridge.js
L4: const fs = require("node:fs");
L5: const http = require("node:http");
L6: const os = require("node:os");
...
L8: const { randomUUID } = require("node:crypto");
L9: const { spawnSync } = require("node:child_process");
L10: const readline = require("node:readline/promises");
...
L15: const command = argv[0] && !argv[0].startsWith("-") ? argv.shift() : "help";
L16: const args = { command, config: DEFAULT_CONFIG, out: DEFAULT_CONFIG, name: "llm-coding-bridge", home: os.homedir(), lines: 80 };
L17: if (command === "template" && argv[0] && !argv[0].startsWith("-")) args.template = argv.shift();
...
L54: const configPath = path.resolve(file);
L55: const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
L56: const server = { host: "127.0.0.1", port: 18080, ...(config.server || {}) };
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
bin/llm-coding-bridge.js · L4
Findings
1 High · 3 Medium · 4 Low
High · Previous Version Dangerous Delta · bin/llm-coding-bridge.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · bin/llm-coding-bridge.js
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings