apiblaze@0.4.9

Dev tunnel CLI for APIblaze — route localhost projects through your APIblaze endpoints

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, WebSocket
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 134 KB of source, external domains: 127.0.0.1, api.apiblaze.com, api.example.com, apikeys.apiblaze.com, auth.apiblaze.com, dashboard.apiblaze.com, httpbin.org

Source & flagged code

3 flagged
dist/index.js
L228: function openBrowser(url) {
L229: const { exec } = require("child_process");
L230: const cmd = process.platform === "darwin" ? `open "${url}"` : process.platform === "win32" ? `start "" "${url}"` : `xdg-open "${url}"`;
High
Child Process

Package source references child process execution.

dist/index.js · L228
L1458: console.log(`
L1459: Manage it at ${import_chalk7.default.cyan("https://dashboard.apiblaze.com/dashboard")}`);
L1460: }
...
L1469: var crypto = __toESM(require("crypto"));
L1470: var import_child_process = require("child_process");
L1471: var AUTH_BASE = process.env.APIBLAZE_AUTH_BASE || "https://auth.apiblaze.com";
L1472: var APIBLAZE_DIR2 = path2.join(os2.homedir(), ".apiblaze");
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.js · L1458
L29:
L30: // package.json
L31: var version = "0.4.9";
...
L50: var path = __toESM(require("path"));
L51: var APIBLAZE_DIR = path.join(os.homedir(), ".apiblaze");
L52: var CREDENTIALS_PATH = path.join(APIBLAZE_DIR, "credentials.json");
...
L68: const raw = fs.readFileSync(CREDENTIALS_PATH, "utf-8");
L69: return JSON.parse(raw);
L70: } catch {
...
L88: // src/lib/api.ts
L89: var DASHBOARD_BASE = "https://dashboard.apiblaze.com";
L90: var PUBLIC_API_BASE = "https://api.apiblaze.com";
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.js · L29

Findings

3 High · 3 Medium · 5 Low
High · Child Process · dist/index.js
High · Same File Env Network Execution · dist/index.js
High · Sandbox Evasion Gated Capability · dist/index.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings