registry  /  @suiflex/suitest  /  0.1.8

@suiflex/suitest@0.1.8

Suitest local bundle — one command runs the full local stack (dashboard + SQLite + MCP).

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 12 file(s), 1.46 MB of source, external domains: 127.0.0.1, api.example.com, app.example.com, astral.sh, bit.ly, github.com, mcp.acme.dev, radix-ui.com, react.dev, redux-toolkit.js.org, redux.js.org, registry.npmjs.org, www.w3.org

Source & flagged code

6 flagged · loading source
lib/onboard.jsView file
39patternName = generic_password severity = medium line = 39 matchedText = const co...m();
Medium
Secret Pattern

Package contains a possible secret pattern.

lib/onboard.jsView on unpkg · L39
bin/suitest.jsView file
3L4: const { parseArgs } = require("node:util"); L5:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/suitest.jsView on unpkg · L3
lib/venv.jsView file
4const path = require("node:path"); L5: const { execFileSync, spawnSync } = require("node:child_process"); L6: L7: const pkg = require("../package.json"); L8: L9: function uvInstallHint(platform = process.platform) { L10: const cmd = L11: platform === "win32" L12: ? ' powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"' L13: : " curl -LsSf https://astral.sh/uv/install.sh | sh";
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/venv.jsView on unpkg · L4
assets/wheels/suitest_shared-0.1.0-py3-none-any.whlView file
path = assets/wheels/suitest_shared-0.1.0-py3-none-any.whl kind = compressed_blob sizeBytes = 17007 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

assets/wheels/suitest_shared-0.1.0-py3-none-any.whlView on unpkg
path = assets/wheels/suitest_shared-0.1.0-py3-none-any.whl kind = nested_archive_needs_inspection sizeBytes = 17007 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

assets/wheels/suitest_shared-0.1.0-py3-none-any.whlView on unpkg
assets/web/assets/geist-sans-latin-600-normal-DFOURf8L.woff2View file
path = assets/web/assets/geist-sans-latin-600-normal-DFOURf8L.woff2 kind = high_entropy_blob sizeBytes = 35292 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/web/assets/geist-sans-latin-600-normal-DFOURf8L.woff2View on unpkg

Findings

2 High7 Medium6 Low
HighSandbox Evasion Gated Capabilitylib/venv.js
HighShips High Entropy Blobassets/web/assets/geist-sans-latin-600-normal-DFOURf8L.woff2
MediumSecret Patternlib/onboard.js
MediumDynamic Requirebin/suitest.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Compressed Blobassets/wheels/suitest_shared-0.1.0-py3-none-any.whl
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNested Archive Needs Inspectionassets/wheels/suitest_shared-0.1.0-py3-none-any.whl