registry  /  ark-runtime-kernel  /  1.6.0

ark-runtime-kernel@1.6.0

Architectural Runtime Kernel — governance for Hexagonal + Event-Driven + DDD systems

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 432 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/ark-postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
bin/ark-mcp.mjsView file
96try { L97: return await import(url.href); L98: } catch (err) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/ark-mcp.mjsView on unpkg · L96
bin/ark-check.mjsView file
19const args = { L20: root: process.cwd(), L21: config: 'ark.config.json', ... L140: function readJson(file) { L141: return JSON.parse(fs.readFileSync(file, 'utf8')); L142: } ... L144: function readPackageJson(root) { L145: const file = path.join(root, 'package.json'); L146: if (!fs.existsSync(file)) return null; ... L251: console.error(`${configPath} already exists. Re-run with --force to overwrite it.`); L252: process.exitCode = 2; L253: return;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/ark-check.mjsView on unpkg · L19

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirebin/ark-mcp.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptobin/ark-check.mjs
LowFilesystem
LowHigh Entropy Strings