registry  /  aetherml  /  1.5.0

aetherml@1.5.0

AI-Native Language for SEO

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 18 file(s), 44.4 KB of source, external domains: generativelanguage.googleapis.com, integrate.api.nvidia.com, placeholder.supabase.co, schema.org

Source & flagged code

4 flagged · loading source
bin/aetherml.jsView file
4import path from 'path'; L5: import { spawn } from 'child_process'; L6: import crypto from 'crypto';
High
Child Process

Package source references child process execution.

bin/aetherml.jsView on unpkg · L4
264console.log(chalk.cyan('\n🚀 Starting Next.js development server...\n')); L265: const devProc = spawn(npmCmd, ['run', 'dev'], { cwd: outputDir, stdio: 'inherit', shell: true }); L266: devProc.on('error', (err) => {
High
Shell

Package source references shell execution.

bin/aetherml.jsView on unpkg · L264
262if (currentHash === previousHash && fs.existsSync(nodeModulesPath)) { L263: console.log(chalk.green('✔ Dependencies unchanged. Skipping npm install (Incremental Cache hit).')); L264: console.log(chalk.cyan('\n🚀 Starting Next.js development server...\n')); L265: const devProc = spawn(npmCmd, ['run', 'dev'], { cwd: outputDir, stdio: 'inherit', shell: true }); L266: devProc.on('error', (err) => {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/aetherml.jsView on unpkg · L262
4import path from 'path'; L5: import { spawn } from 'child_process'; L6: import crypto from 'crypto'; ... L248: L249: const packageJsonPath = path.join(outputDir, 'package.json'); L250: const packageJsonContent = fs.readFileSync(packageJsonPath, 'utf-8'); ... L259: const nodeModulesPath = path.join(outputDir, 'node_modules'); L260: const npmCmd = process.platform === 'win32' ? 'npm.cmd' : 'npm'; L261:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/aetherml.jsView on unpkg · L4

Findings

3 High3 Medium6 Low
HighChild Processbin/aetherml.js
HighShellbin/aetherml.js
HighRuntime Package Installbin/aetherml.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptobin/aetherml.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License