
@vigolium/vigolium@0.2.0

Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 5 findings at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Shell
Supply chain: UrlStrings
Manifest: CopyleftLicense
scanned 1 file(s), 5.97 KB of source, external domains: docs.vigolium.com

Source & flagged code

1 flagged
bin/vigolium.js
L9: import { spawn } from "node:child_process";
L10: import { createReadStream, createWriteStream, existsSync, statSync } from "node:fs";
...
L13: import { pipeline } from "node:stream/promises";
L14: import { createGunzip } from "node:zlib";
L15: import os from "node:os";
...
L18:
L19: // __dirname / require equivalents in ESM.
L20: const __filename = fileURLToPath(import.meta.url);
...
L35: function detectPackageManager() {
L36:   const userAgent = process.env.npm[redacted] || "";
L37:   if (/\bbun\//.test(userAgent)) return "bun";
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/vigolium.js · L8

Findings

1 High, 1 Medium, 3 Low
High · Sandbox Evasion Gated Capability · bin/vigolium.js
Medium · Environment Vars
Low · Filesystem
Low · Url Strings
Low · Copyleft License