registry  /  @temporalio/create  /  1.19.0

@temporalio/create@1.19.0

Create a Temporal project from template

Static Scan Results

scanned 14d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 33 file(s), 60.9 KB of source, external domains: api.github.com, codeload.github.com, github.com, registry.npmjs.org

Source & flagged code

1 flagged · loading source
lib/helpers/install.jsView file
1// Modified from: https://github.com/vercel/next.[redacted]-next-app/helpers/install.ts L2: import { readFile, writeFile } from 'node:fs/promises'; ... L11: export function install({ root, useYarn }) { L12: const isWindows = process.platform === 'win32'; L13: const npm = isWindows ? 'npm.cmd' : 'npm'; L14: const command = useYarn ? 'yarn' : npm; L15: return spawn(command, ['install'], { L16: cwd: root, L17: stdio: 'inherit', L18: env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, L19: shell: isWindows, ... L26: if (packageExists) {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/helpers/install.jsView on unpkg · L1

Findings

1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitylib/helpers/install.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings