registry  /  @smartledger/bsv  /  6.0.1

@smartledger/bsv@6.0.1

🚀 Complete Bitcoin SV development framework with legally-recognizable DID:web + W3C VC-JWT toolkit, Legal Token Protocol (LTP), Global Digital Attestation Framework (GDAF), StatusList2021 revocation, and 16 flexible loading options. Standards-based crede

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 13 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNativeBindings
Supply chain
HighEntropyStringsMinifiedTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 178 file(s), 10.0 MB of source, external domains: bsv.io, docs.moneybutton.com, feross.org, github.com, smartledger.technology, w3id.org, www.w3.org

Source & flagged code

5 flagged · loading source
bsv-statuslist.min.jsView file
16/*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */ L17: var n=r(8287),i=n.Buffer;function o(t,e){for(var r in t)e[r]=t[r]}function a(t,e,r){return i(t,e,r)}i.from&&i.alloc&&i.allocUnsafe&&i.allocUnsafeSlow?t.exports=n:(o(n,e),e.Buffer=a...
Low
Eval

Package source references a known benign dynamic code generation pattern.

bsv-statuslist.min.jsView on unpkg · L16
lib/crypto/hash.node.jsView file
11* See: L12: * https://en.wikipedia.org/wiki/SHA-1 L13: *
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/crypto/hash.node.jsView on unpkg · L11
test/data/blk86756-testnet.datView file
•path = test/data/blk86756-testnet.dat kind = high_entropy_blob sizeBytes = 9500 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

test/data/blk86756-testnet.datView on unpkg
•path = test/data/blk86756-testnet.dat kind = payload_in_excluded_dir sizeBytes = 9500 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

test/data/blk86756-testnet.datView on unpkg
bin/cli.jsView file
•matchType = previous_version_dangerous_delta matchedPackage = @smartledger/bsv@5.5.3 matchedIdentity = npm:QHNtYXJ0bGVkZ2VyL2Jzdg:5.5.3 similarity = 0.775 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/cli.jsView on unpkg

Findings

3 High2 Medium8 Low
HighShips High Entropy Blobtest/data/blk86756-testnet.dat
HighPayload In Excluded Dirtest/data/blk86756-testnet.dat
HighPrevious Version Dangerous Deltabin/cli.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalbsv-statuslist.min.js
LowWeak Cryptolib/crypto/hash.node.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings