registry  /  @usecontextlayer/ctxe  /  0.5.3

@usecontextlayer/ctxe@0.5.3

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 2 file(s), 1.36 MB of source, external domains: 127.0.0.1, github.com, json-schema.org

Source & flagged code

3 flagged · loading source
dist/cli.mjsView file
27435if (!fs$1[gracefulQueue]) { L27436: publishQueue(fs$1, global[gracefulQueue] || []); L27437: fs$1.close = (function(fs$close) {
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/cli.mjsView on unpkg · L27435
512try { L513: new Function(""); L514: return true;
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/cli.mjsView on unpkg · L512
7import path, { resolve, sep } from "node:path"; L8: import { ChildProcess, execFile, spawn, spawnSync } from "node:child_process"; L9: import { aborted, callbackify, debuglog, formatWithOptions, inspect, promisify, stripVTControlCharacters, styleText } from "node:util"; ... L11: import { appendFileSync, createReadStream, createWriteStream, readFileSync, statSync, writeFileSync } from "node:fs"; L12: import g$1, { execArgv, execPath, hrtime, platform, stdin, stdout } from "node:process"; L13: import * as tty$1 from "node:tty"; ... L25: import os from "os"; L26: import net from "net"; L27: import tls from "tls"; ... L60: //#endregion L61: //#region package.json L62: var version$2 = "0.5.3";
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli.mjsView on unpkg · L7

Findings

1 High3 Medium7 Low
HighObfuscated Payload Loaderdist/cli.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/cli.mjs
LowWeak Cryptodist/cli.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License