registry  /  @wavemaker/react-codegen  /  11.15.5-1.256

@wavemaker/react-codegen@11.15.5-1.256

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 158 file(s), 583 KB of source

Source & flagged code

3 flagged · loading source
templates/project/.envView file
patternName = blocked_file severity = critical matchedText = templates/project/.env redactedSecretContext = secretLikeLines = 0 notes = no secret-like key/value lines found in sampled text
Critical
Critical Secret

Package contains a critical-looking secret pattern.

templates/project/.envView on unpkg
src/gen-app-override-css.jsView file
41const utils_1 = require("./utils"); L42: const dynamicImport = new Function("specifier", "return import(specifier);"); L43: const importFromFile = async (modulePath) => {
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/gen-app-override-css.jsView on unpkg · L41
index.jsView file
6Object.defineProperty(exports, "__esModule", { value: true }); L7: const yargs_1 = __importDefault(require("yargs")); L8: const path_1 = __importDefault(require("path"));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index.jsView on unpkg · L6

Findings

1 Critical3 Medium5 Low
CriticalCritical Secrettemplates/project/.env
MediumDynamic Requireindex.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/gen-app-override-css.js
LowFilesystem
LowHigh Entropy Strings