registry  /  @simular-ai/simulang-js  /  9.0.0

@simular-ai/simulang-js@9.0.0

Node.js bindings for simulang-rs

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNativeBindingsShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 20 file(s), 86.8 KB of source, external domains: example.com, github.com, google.com, simular.ai, www.google.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/postinstall-hint.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
wrapped.jsView file
18L19: module.exports = require('./index.js') L20: const binding = module.exports
Medium
Dynamic Require

Package source references dynamic require/import behavior.

wrapped.jsView on unpkg · L18

Findings

1 High3 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirewrapped.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings