@tinyfiles/cli@0.1.39

AT-1 / TinyFiles CLI — verified-lossless, queryable compression. Native prebuilt binary, no Python required.

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess
Supply chain: UrlStrings
Manifest: NoLicense
scanned 1 file(s), 1.70 KB of source, external domains: tinyfiles.io

Source & flagged code

3 flagged
bin/at1.cjs
L12: */
L13: const { spawnSync } = require("node:child_process");
L14:
High
Child Process

Package source references child process execution.

bin/at1.cjs · L12
L12: */
L13: const { spawnSync } = require("node:child_process");
L14:
L15: function resolveBinary() {
L16:   const platform = process.platform; // 'win32' | 'darwin' | 'linux'
L17:   const arch = process.arch; // 'x64' | 'arm64'
...
L27:   if (!bin) {
L28:     process.stderr.write(
L29:       `AT-1: no prebuilt binary for ${process.platform}-${process.arch}.\n` +
...
L31:       `If you're on one of those, reinstall so the platform package is fetched ` +
L32:       `(e.g. npm i -g @tinyfiles/cli). On other platforms, use the desktop app: https://tinyfiles.io/download.\n`
L33:     );
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/at1.cjs · L12
L31:       `If you're on one of those, reinstall so the platform package is fetched ` +
L32:       `(e.g. npm i -g @tinyfiles/cli). On other platforms, use the desktop app: https://tinyfiles.io/download.\n`
L33:     );
...
L36:
L37: const res = spawnSync(bin, process.argv.slice(2), { stdio: "inherit" });
L38: if (res.error) {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/at1.cjs · L31

Findings

3 High · 1 Medium · 2 Low
High · Child Process · bin/at1.cjs
High · Sandbox Evasion Gated Capability · bin/at1.cjs
High · Runtime Package Install · bin/at1.cjs
Medium · Structural Risk Force Deep Review
Low · Url Strings
Low · No License