registry  /  @unclesaliva/java-ai-debugger  /  1.0.2

@unclesaliva/java-ai-debugger@1.0.2

Java AI Debugger — MCP server (TypeScript) for remote JVM debugging via JDWP

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 14 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 7 file(s), 49.3 KB of source, external domains: 127.0.0.1

Source & flagged code

6 flagged · loading source
dist/stop.jsView file
43exports.stopCommand = stopCommand; L44: const node_child_process_1 = require("node:child_process"); L45: const os = __importStar(require("node:os"));
High
Child Process

Package source references child process execution.

dist/stop.jsView on unpkg · L43
dist/autostart.jsView file
46exports.startDebugCore = startDebugCore; L47: const node_child_process_1 = require("node:child_process"); L48: const fs = __importStar(require("node:fs")); ... L50: const os = __importStar(require("node:os")); L51: const net = __importStar(require("node:net")); L52: let debugCoreProc = null; ... L54: function resolveJava() { L55: const envHome = process.env.JAVA_HOME; L56: const candidates = [];
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/autostart.jsView on unpkg · L46
matchType = previous_version_dangerous_delta matchedPackage = @unclesaliva/java-ai-debugger@1.0.1 matchedIdentity = npm:[redacted]:1.0.1 similarity = 0.714 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/autostart.jsView on unpkg
lib/debug-core-0.2.0-SNAPSHOT.jarView file
path = lib/debug-core-0.2.0-SNAPSHOT.jar kind = high_entropy_blob sizeBytes = 20923148 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

lib/debug-core-0.2.0-SNAPSHOT.jarView on unpkg
path = lib/debug-core-0.2.0-SNAPSHOT.jar kind = compressed_blob sizeBytes = 20923148 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

lib/debug-core-0.2.0-SNAPSHOT.jarView on unpkg
path = lib/debug-core-0.2.0-SNAPSHOT.jar kind = nested_archive_needs_inspection sizeBytes = 20923148 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

lib/debug-core-0.2.0-SNAPSHOT.jarView on unpkg

Findings

4 High4 Medium6 Low
HighChild Processdist/stop.js
HighSame File Env Network Executiondist/autostart.js
HighShips High Entropy Bloblib/debug-core-0.2.0-SNAPSHOT.jar
HighPrevious Version Dangerous Deltadist/autostart.js
MediumNetwork
MediumEnvironment Vars
MediumShips Compressed Bloblib/debug-core-0.2.0-SNAPSHOT.jar
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectionlib/debug-core-0.2.0-SNAPSHOT.jar