arkormx@2.11.3

Modern TypeScript-first ORM for Node.js.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Shell
Supply chain
HighEntropyStrings
Manifest
No manifest risk signals triggered.
scanned 7 file(s), 1.39 MB of source

Source & flagged code

3 flagged

dist/relationship-4S2yHPIH.mjs
11: import { createHash, randomUUID } from "node:crypto";
12: import { spawnSync } from "node:child_process";
13: import { str } from "@h3ravel/support";
High
Child Process

Package source references child process execution.

dist/relationship-4S2yHPIH.mjs · L11

3028: const runPrismaCommand = (args, cwd) => {
3029: const command = spawnSync("npx", ["prisma", ...args], {
3030: cwd,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/relationship-4S2yHPIH.mjs · L3028

830: sourceMaps: true
831: }).import(resolvedPath, useDefault ? { default: true } : {});
832: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/relationship-4S2yHPIH.mjs · L830

Findings

3 High, 3 Medium, 3 Low

High · Child Process · dist/relationship-4S2yHPIH.mjs
High · Shell
High · Runtime Package Install · dist/relationship-4S2yHPIH.mjs
Medium · Dynamic Require · dist/relationship-4S2yHPIH.mjs
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings