registry  /  @vaharoni/devops  /  1.3.6

@vaharoni/devops@1.3.6

Devops utility

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 85 file(s), 343 KB of source, external domains: 127.0.0.1

Source & flagged code

4 flagged · loading source
dist/src/target-templates/lang-variants-common/typescript/config/.env.developmentView file
patternName = blocked_file severity = critical matchedText = dist/src/target-templates/lang-variants-common/typescript/config/.env.development redactedSecretContext = secretLikeLines = 0 notes = no secret-like key/value lines found in sampled text
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/src/target-templates/lang-variants-common/typescript/config/.env.developmentView on unpkg
dist/devops.jsView file
3198for (const pluginFile of pluginFiles) { L3199: const plugin = await import(pluginFile); L3200: const keys = Object.keys(plugin);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/devops.jsView on unpkg · L3198
dist/cli/exec.shView file
path = dist/cli/exec.sh kind = build_helper sizeBytes = 526 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/cli/exec.shView on unpkg
dist/src/target-templates/lang-variants-common/python/.devops/docker-images/python-services/python-run.shView file
path = dist/src/target-templates/lang-variants-common/python/.devops/docker-images/python-services/python-run.sh kind = payload_in_excluded_dir sizeBytes = 140 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

dist/src/target-templates/lang-variants-common/python/.devops/docker-images/python-services/python-run.shView on unpkg

Findings

1 Critical1 High5 Medium4 Low
CriticalCritical Secretdist/src/target-templates/lang-variants-common/typescript/config/.env.development
HighPayload In Excluded Dirdist/src/target-templates/lang-variants-common/python/.devops/docker-images/python-services/python-run.sh
MediumDynamic Requiredist/devops.js
MediumEnvironment Vars
MediumShips Build Helperdist/cli/exec.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings