registry  /  auditx  /  0.1.35

auditx@0.1.35

One command. Every vulnerability, dead code, and AI-generated code anti-pattern. JSON output built for AI coding agents to parse and self-fix.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 194 KB of source, external domains: auditx-cli.vercel.app, fonts.googleapis.com, fonts.gstatic.com, github.com, osv.dev, raw.githubusercontent.com, registry.npmjs.org, semgrep.dev, trivy.dev

Source & flagged code

3 flagged · loading source
dist/chunk-3FBHKNVS.jsView file
1791rule: "supplychain/obfuscated-eval", L1792: msg: 'Contains obfuscated code: eval(Buffer.from(..., "base64")). This is a hallmark of malware.', L1793: fix: "Remove this package and run a full system audit.",
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/chunk-3FBHKNVS.jsView on unpkg · L1791
8import { join } from "path"; L9: import { execSync } from "child_process"; L10: var MAX_DEPTH = 4; ... L12: var TARGET_FILES = /* @__PURE__ */ new Set([ L13: "package.json", L14: "package-lock.json", ... L116: try { L117: const pkg = JSON.parse(readFileSync(pkgPath, "utf-8")); L118: if (pkg.dependencies) Object.keys(pkg.dependencies).forEach((d) => allDeps.add(d)); ... L191: } L192: const { stdout } = await execFileAsync( L193: bin,
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-3FBHKNVS.jsView on unpkg · L8
dist/scan-ZBHD7I7M.jsView file
matchType = previous_version_dangerous_delta matchedPackage = auditx@0.1.34 matchedIdentity = npm:YXVkaXR4:0.1.34 similarity = 0.909 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/scan-ZBHD7I7M.jsView on unpkg

Findings

1 High2 Medium6 Low
HighPrevious Version Dangerous Deltadist/scan-ZBHD7I7M.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/chunk-3FBHKNVS.js
LowWeak Cryptodist/chunk-3FBHKNVS.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings