registry  /  @xrmforge/devkit  /  0.7.37

@xrmforge/devkit@0.7.37

Build orchestration and project tooling for Dynamics 365 WebResources

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEvalFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 47.2 KB of source

Source & flagged code

3 flagged · loading source
dist/templates/validate-form.mjsView file
15L16: import { execSync } from 'node:child_process'; L17: import { readdirSync, readFileSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/templates/validate-form.mjsView on unpkg · L15
41try { L42: execSync('npx tsc --noEmit', { stdio: 'pipe', encoding: 'utf-8' }); L43: console.log(`${GREEN}OK${NC} tsc --noEmit`);
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/templates/validate-form.mjsView on unpkg · L41
213L214: // 3j. eval() usage L215: checkPattern(
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/templates/validate-form.mjsView on unpkg · L213

Findings

3 High1 Medium4 Low
HighChild Processdist/templates/validate-form.mjs
HighShell
HighRuntime Package Installdist/templates/validate-form.mjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/templates/validate-form.mjs
LowFilesystem
LowHigh Entropy Strings