registry  /  @zigrivers/scaffold  /  3.40.0

@zigrivers/scaffold@3.40.0

AI-powered software project scaffolding pipeline

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 23 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 543 file(s), 3.59 MB of source, external domains: 0.0.0.0, 0.1.2.3, 1.1.1.1, 10.0.0.1, 100.127.255.254, 100.128.0.1, 100.63.0.1, 100.64.0.1, 127.0.0.1, 169.254.169.254, 172.20.0.1, 192.0.0.1, 192.0.2.1, 192.168.1.1, 198.18.0.1, 198.19.255.254, 198.51.100.1, 203.0.113.1, 224.0.0.1, 239.255.255.255, 240.0.0.1, 255.255.255.255, 8.8.8.8, 93.184.216.34, a.example.org, api.deepseek.com, api.z.ai, attacker.example, b.example.org, bad.test, docs.owasp.org, docs.test, evil.test, example.com, example.org, flaky.example.com, github.com, good.test, hop.example.org, ietf.org, other.test, owasp.org, real.test, registry.npmjs.org, stackoverflow.com, www.apple.com, www.w3.org, x.com, x.test

Source & flagged code

15 flagged · loading source
dist/observability/renderers/terminal.test.jsView file
115patternName = github_pat severity = critical line = 115 matchedText = tainted....ef';
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/observability/renderers/terminal.test.jsView on unpkg · L115
115patternName = github_pat severity = critical line = 115 matchedText = tainted....ef';
Critical
Secret Pattern

GitHub personal access token in dist/observability/renderers/terminal.test.js

dist/observability/renderers/terminal.test.jsView on unpkg · L115
117patternName = github_pat severity = critical line = 117 matchedText = expect(o...f');
Critical
Secret Pattern

GitHub personal access token in dist/observability/renderers/terminal.test.js

dist/observability/renderers/terminal.test.jsView on unpkg · L117
dist/observability/checks/lens-c-standards.test.jsView file
72writeFileSync(join(dir, 'docs/coding-standards.md'), '### Rule: no-eval\n- forbidden: eval, new Function\n- match: src/**/*.ts\n'); L73: writeFileSync(join(dir, 'src/foo.ts'), 'eval(\'1 + 1\')\n'); L74: const graph = await buildDocGraph(dir);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/observability/checks/lens-c-standards.test.jsView on unpkg · L72
dist/cli/commands/dashboard.jsView file
5import { createRequire } from 'node:module'; L6: const require = createRequire(import.meta.url); L7: const pkg = require('../../../package.json');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/cli/commands/dashboard.jsView on unpkg · L5
dist/observability/renderers/markdown.test.jsView file
78patternName = github_pat severity = critical line = 78 matchedText = tainted....ef';
Critical
Secret Pattern

GitHub personal access token in dist/observability/renderers/markdown.test.js

dist/observability/renderers/markdown.test.jsView on unpkg · L78
80patternName = github_pat severity = critical line = 80 matchedText = expect(m...f');
Critical
Secret Pattern

GitHub personal access token in dist/observability/renderers/markdown.test.js

dist/observability/renderers/markdown.test.jsView on unpkg · L80
dist/observability/engine/redact.test.jsView file
104patternName = github_pat severity = critical line = 104 matchedText = payload:...ef',
Critical
Secret Pattern

GitHub personal access token in dist/observability/engine/redact.test.js

dist/observability/engine/redact.test.jsView on unpkg · L104
209patternName = github_pat severity = critical line = 209 matchedText = title: '...ef',
Critical
Secret Pattern

GitHub personal access token in dist/observability/engine/redact.test.js

dist/observability/engine/redact.test.jsView on unpkg · L209
228patternName = github_pat severity = critical line = 228 matchedText = expect(J...f');
Critical
Secret Pattern

GitHub personal access token in dist/observability/engine/redact.test.js

dist/observability/engine/redact.test.jsView on unpkg · L228
content/knowledge/core/multi-service-testing.mdView file
655patternName = generic_password severity = medium line = 655 matchedText = password...3!',
Medium
Secret Pattern

Hardcoded password in content/knowledge/core/multi-service-testing.md

content/knowledge/core/multi-service-testing.mdView on unpkg · L655
661patternName = generic_password severity = medium line = 661 matchedText = password...3!',
Medium
Secret Pattern

Hardcoded password in content/knowledge/core/multi-service-testing.md

content/knowledge/core/multi-service-testing.mdView on unpkg · L661
content/knowledge/core/testing-strategy.mdView file
136patternName = generic_password severity = medium line = 136 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in content/knowledge/core/testing-strategy.md

content/knowledge/core/testing-strategy.mdView on unpkg · L136
152patternName = generic_password severity = medium line = 152 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in content/knowledge/core/testing-strategy.md

content/knowledge/core/testing-strategy.mdView on unpkg · L152
348patternName = generic_password severity = medium line = 348 matchedText = password...3!',
Medium
Secret Pattern

Hardcoded password in content/knowledge/core/testing-strategy.md

content/knowledge/core/testing-strategy.mdView on unpkg · L348

Findings

8 Critical9 Medium6 Low
CriticalCritical Secretdist/observability/renderers/terminal.test.js
CriticalSecret Patterndist/observability/renderers/terminal.test.js
CriticalSecret Patterndist/observability/renderers/terminal.test.js
CriticalSecret Patterndist/observability/renderers/markdown.test.js
CriticalSecret Patterndist/observability/renderers/markdown.test.js
CriticalSecret Patterndist/observability/engine/redact.test.js
CriticalSecret Patterndist/observability/engine/redact.test.js
CriticalSecret Patterndist/observability/engine/redact.test.js
MediumDynamic Requiredist/cli/commands/dashboard.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterncontent/knowledge/core/multi-service-testing.md
MediumSecret Patterncontent/knowledge/core/multi-service-testing.md
MediumSecret Patterncontent/knowledge/core/testing-strategy.md
MediumSecret Patterncontent/knowledge/core/testing-strategy.md
MediumSecret Patterncontent/knowledge/core/testing-strategy.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/observability/checks/lens-c-standards.test.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings