registry  /  @stacksjs/query-builder  /  0.70.69

@stacksjs/query-builder@0.70.69

The Stacks Query Builder integration

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 622 KB of source, external domains: avatars.githubusercontent.com, i.pravatar.cc, loremflickr.com, picsum.photos, via.placeholder.com, www.w3.org

Source & flagged code

5 flagged · loading source
dist/index.jsView file
1// @bun L2: var p0=import.meta.require;import{existsSync as M5,statSync as H5}from"fs";import{existsSync as Q2,mkdirSync as uj,readdirSync as nj,readFileSync as z2,writeFileSync as ij}from"fs"... L3: `)+`
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L1
1// @bun L2: var p0=import.meta.require;import{existsSync as M5,statSync as H5}from"fs";import{existsSync as Q2,mkdirSync as uj,readdirSync as nj,readFileSync as z2,writeFileSync as ij}from"fs"... L3: `)+` ... L5: `),w=await R5(D),T="AWS4-HMAC-SHA256",N=`${j}/${_}/${Q}/aws4_request`,q=[T,z,N,w].join(` L6: `),H=await s7(U.secretAccessKey,j,_,Q),x=await iX(H,q),h=Array.from(new Uint8Array(x)).map((y)=>y.toString(16).padStart(2,"0")).join(""),c=`${T} Credential=${U.accessKeyId}/${N}, S... L7: `);for(let J of G)if(J.trim()&&!J.includes(Q))console.error(this.formatConsoleMessage({timestamp:U,message:R0.gray(` ${J}`),level:X,showTimestamp:!1}))}break}}else if(!P0()){if(co...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L1
1// @bun L2: var p0=import.meta.require;import{existsSync as M5,statSync as H5}from"fs";import{existsSync as Q2,mkdirSync as uj,readdirSync as nj,readFileSync as z2,writeFileSync as ij}from"fs"... L3: `)+` ... L5: `),w=await R5(D),T="AWS4-HMAC-SHA256",N=`${j}/${_}/${Q}/aws4_request`,q=[T,z,N,w].join(` L6: `),H=await s7(U.secretAccessKey,j,_,Q),x=await iX(H,q),h=Array.from(new Uint8Array(x)).map((y)=>y.toString(16).padStart(2,"0")).join(""),c=`${T} Credential=${U.accessKeyId}/${N}, S... L7: `);for(let J of G)if(J.trim()&&!J.includes(Q))console.error(this.formatConsoleMessage({timestamp:U,message:R0.gray(` ${J}`),level:X,showTimestamp:!1}))}break}}else if(!P0()){if(co...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L1
65patternName = generic_password severity = medium line = 65 matchedText = `;return...Of(`
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L65
5`),w=await R5(D),T="AWS4-HMAC-SHA256",N=`${j}/${_}/${Q}/aws4_request`,q=[T,z,N,w].join(` L6: `),H=await s7(U.secretAccessKey,j,_,Q),x=await iX(H,q),h=Array.from(new Uint8Array(x)).map((y)=>y.toString(16).padStart(2,"0")).join(""),c=`${T} Credential=${U.accessKeyId}/${N}, S... L7: `);for(let J of G)if(J.trim()&&!J.includes(Q))console.error(this.formatConsoleMessage({timestamp:U,message:R0.gray(` ${J}`),level:X,showTimestamp:!1}))}break}}else if(!P0()){if(co...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L5

Findings

3 High5 Medium4 Low
HighChild Processdist/index.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
MediumSecret Patterndist/index.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings