@storm-software/linting-tools@1.134.13

⚡ A package containing various linting tools used to validate syntax, enforce design standards, and format code in a Storm workspace.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 42 file(s), 3.73 MB of source, external domains: api.github.com, bitbucket.com, bitbucket.org, developer.github.com, dotenvx.com, empty.invalid, git.sr.ht, github.com, gitlab.com, jimmy.warting.se, raw.githubusercontent.com, registry.npmjs.org, registry.yarnpkg.com, www.githubstatus.com
Oversized source lightweight scan
bin/lint.cjs: 14.3 MB file, sampled 256 KB
signals: Filesystem, ChildProcess, EnvironmentVars, HighEntropyStrings, UrlStrings
external domains: developer.github.com, dotenvx.com, github.com, registry.yarnpkg.com, www.githubstatus.com
bin/lint.js: 13.9 MB file, sampled 256 KB
signals: Filesystem, ChildProcess, EnvironmentVars, Crypto, HighEntropyStrings, UrlStrings
external domains: developer.github.com, dotenvx.com, github.com, registry.yarnpkg.com, www.githubstatus.com

Source & flagged code

5 flagged
bin/chunk-SGQCORA2.js
L7502: import { createRequire as __tinyexec_cr } from "node:module";
L7503: import { spawn as de } from "child_process";
L7504: import { normalize as fe } from "path";
High
Child Process

Package source references child process execution.

bin/chunk-SGQCORA2.js · L7502
L7772: let s = [t.command].concat(t.args).join(" ");
L7773: t.args = ["/d", "/s", "/c", `"${s}"`], t.command = process.env.comspec || "cmd.exe", t.options.windowsVerbatimArguments = true;
L7774: }
High
Shell

Package source references shell execution.

bin/chunk-SGQCORA2.js · L7772
bin/dist-7F7YQGX6.js
Cross-file remote execution chain: bin/dist-7F7YQGX6.js spawns bin/chunk-3O7WH4BA.js; helper contains network access plus dynamic code execution.
L90: proc = typeof process === "object" && process ? process : {
L91: stdout: null,
L92: stderr: null
...
L146: this.unpipe();
L147: if (this.opts.end) this.dest.end();
L148: }
...
L258: if (isArrayBufferView(chunk))
L259: chunk = Buffer.from(chunk.buffer, chunk.byteOffset, chunk.byteLength);
L260: else if (isArrayBuffer(chunk)) chunk = Buffer.from(chunk);
...
L1538: init_esm_shims();
L1539: var platform = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;
L1540: module.exports = platform !== "win32" ? (p2) => p2 : (p2) => p2 && p2.replace(/\\/g, "/");
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

bin/dist-7F7YQGX6.js · L90
bin/lint.cjs
path = bin/lint.cjs kind = oversized_source_file sizeBytes = 15026275 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

bin/lint.cjs
path = bin/lint.cjs kind = oversized_cli_entrypoint sizeBytes = 15026275 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

bin/lint.cjs

Findings

4 High · 4 Medium · 3 Low
High · Child Process · bin/chunk-SGQCORA2.js
High · Shell · bin/chunk-SGQCORA2.js
High · Cross File Remote Execution Context · bin/dist-7F7YQGX6.js
High · Oversized Source File · bin/lint.cjs
Medium · Network
Medium · Environment Vars
Medium · Oversized Cli Entrypoint · bin/lint.cjs
Medium · Structural Risk Force Deep Review
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings