registry  /  @smartledger/bsv  /  5.5.3

@smartledger/bsv@5.5.3

🚀 Complete Bitcoin SV development framework with legally-recognizable DID:web + W3C VC-JWT toolkit, Legal Token Protocol (LTP), Global Digital Attestation Framework (GDAF), StatusList2021 revocation, and 16 flexible loading options. Standards-based crede

Static Scan Results

scanned 13d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 12 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNativeBindings
Supply chain
HighEntropyStringsMinifiedTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 171 file(s), 9.82 MB of source, external domains: bsv.io, docs.moneybutton.com, feross.org, github.com, smartledger.technology, w3id.org, www.w3.org

Source & flagged code

4 flagged · loading source
bsv-statuslist.min.jsView file
16/*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */ L17: var n=r(8287),i=n.Buffer;function o(t,e){for(var r in t)e[r]=t[r]}function a(t,e,r){return i(t,e,r)}i.from&&i.alloc&&i.allocUnsafe&&i.allocUnsafeSlow?t.exports=n:(o(n,e),e.Buffer=a...
Low
Eval

Package source references a known benign dynamic code generation pattern.

bsv-statuslist.min.jsView on unpkg · L16
lib/crypto/hash.node.jsView file
11* See: L12: * https://en.wikipedia.org/wiki/SHA-1 L13: *
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/crypto/hash.node.jsView on unpkg · L11
test/data/blk86756-testnet.datView file
•path = test/data/blk86756-testnet.dat kind = high_entropy_blob sizeBytes = 9500 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

test/data/blk86756-testnet.datView on unpkg
•path = test/data/blk86756-testnet.dat kind = payload_in_excluded_dir sizeBytes = 9500 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

test/data/blk86756-testnet.datView on unpkg

Findings

2 High2 Medium8 Low
HighShips High Entropy Blobtest/data/blk86756-testnet.dat
HighPayload In Excluded Dirtest/data/blk86756-testnet.dat
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalbsv-statuslist.min.js
LowWeak Cryptolib/crypto/hash.node.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings