registry  /  @toolfactory.dev/core  /  1.0.0-rc.1

@toolfactory.dev/core@1.0.0-rc.1

Shared codegen library for api2ai and db2ai

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 23 file(s), 100 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = husky
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
out/codegen/render-oauth-http-mcp-server.jsView file
164loadLocalEnvFiles(envDirs); L165: const imported = await import(pathToFileURL(path.resolve(modulePath)).href); L166: if (!imported || typeof imported !== 'object') {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

out/codegen/render-oauth-http-mcp-server.jsView on unpkg · L164

Findings

1 High4 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requireout/codegen/render-oauth-http-mcp-server.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings