registry  /  ark-runtime-kernel  /  1.8.1

ark-runtime-kernel@1.8.1

Architectural Runtime Kernel — governance for Hexagonal + Event-Driven + DDD systems

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 466 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/ark-postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
bin/ark-mcp.mjsView file
96try { L97: return await import(url.href); L98: } catch (err) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/ark-mcp.mjsView on unpkg · L96
bin/ark-check.mjsView file
20const args = { L21: root: process.cwd(), L22: config: 'ark.config.json', ... L156: function readJson(file) { L157: return JSON.parse(fs.readFileSync(file, 'utf8')); L158: } ... L160: function readPackageJson(root) { L161: const file = path.join(root, 'package.json'); L162: if (!fs.existsSync(file)) return null; ... L375: console.error(`${configPath} already exists. Re-run with --force to overwrite it.`); L376: process.exitCode = 2; L377: return;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/ark-check.mjsView on unpkg · L20

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirebin/ark-mcp.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptobin/ark-check.mjs
LowFilesystem
LowHigh Entropy Strings