registry  /  @stage5/lumine  /  0.2.9

@stage5/lumine@0.2.9

Command line tools for launching Lumine builds on Twinkle.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 12 file(s), 208 KB of source, external domains: api.twinkle.network, preview.lumine.app, registry.npmjs.org, www.twin-kle.com

Source & flagged code

2 flagged · loading source
lib/doctor.jsView file
431async function loadHdr(url) { L432: const { RGBELoader } = await import('/build/vendor/three/0.184.0/addons/loaders/RGBELoader.js'); L433: const texture = await new Promise((resolve, reject) => {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/doctor.jsView on unpkg · L431
lib/constants.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @stage5/lumine@0.2.8 matchedIdentity = npm:QHN0YWdlNS9sdW1pbmU:0.2.8 similarity = 0.833 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/constants.jsView on unpkg

Findings

1 High3 Medium5 Low
HighPrevious Version Dangerous Deltalib/constants.js
MediumDynamic Requirelib/doctor.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License