registry  /  @superhumaan/dna-by-humaan  /  0.4.4

@superhumaan/dna-by-humaan@0.4.4

DNA by Humaan — open-source project brain, 768-pack knowledge marketplace, tiered compliance (GDPR/HIPAA/ISO/SOC2), runtime observer, and AI-assisted repair for TypeScript teams

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 803 KB of source, external domains: api.anthropic.com, api.github.com, api.openai.com, dna.humaan.app, github.com, staging.example.com

Source & flagged code

1 flagged · loading source
dist/index.jsView file
27const raw = await readFile31(assetsPath, "utf8"); L28: return JSON.parse(raw); L29: } ... L34: "", L35: "Maintained by Humaan by Superlite (https://dna.humaan.app)", L36: `Sponsor DNA: ${ledger.sponsorUrl}`, ... L167: ]; L168: var MARKETPLACE_BASE_URL = process.env.DNA_MARKETPLACE_URL ?? "https://dna.humaan.app/marketplace"; L169: var DNA_GDPR_SOURCE_DOCS_ENV = "DNA_GDPR_SOURCE_DOCS"; ... L382: title: z.string(), L383: body: z.string(), L384: labels: z.array(z.string())
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L27

Findings

1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings