registry  /  arkormx  /  2.11.4

arkormx@2.11.4

Modern TypeScript-first ORM for Node.js.

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 7 file(s), 1.40 MB of source

Source & flagged code

3 flagged · loading source
dist/relationship-Bds4OCOY.cjsView file
40let node_async_hooks = require("node:async_hooks"); L41: let node_child_process = require("node:child_process"); L42: let _h3ravel_support = require("@h3ravel/support");
High
Child Process

Package source references child process execution.

dist/relationship-Bds4OCOY.cjsView on unpkg · L40
3085const runPrismaCommand = (args, cwd) => { L3086: const command = (0, node_child_process.spawnSync)("npx", ["prisma", ...args], { L3087: cwd,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/relationship-Bds4OCOY.cjsView on unpkg · L3085
27//#endregion L28: let _h3ravel_collect_js = require("@h3ravel/collect.js"); L29: let async_hooks = require("async_hooks");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/relationship-Bds4OCOY.cjsView on unpkg · L27

Findings

3 High3 Medium3 Low
HighChild Processdist/relationship-Bds4OCOY.cjs
HighShell
HighRuntime Package Installdist/relationship-Bds4OCOY.cjs
MediumDynamic Requiredist/relationship-Bds4OCOY.cjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings