registry  /  candor-ts  /  0.8.5

candor-ts@0.8.5

candor for TypeScript — per-function side effects, transitively, with a policy gate (candor-spec 0.8)

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 6 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 244 KB of source, external domains: github.com

Source & flagged code

1 flagged · loading source
watch.mjsView file
16*/ L17: import { spawnSync } from "node:child_process"; L18: import crypto from "node:crypto"; ... L63: const r = spawnSync("node", [path.join(HERE, "scan.mjs"), target, "--out", out], { encoding: "utf8" }); L64: return { ok: r.status === 0, ms: Date.now() - t0, stderr: r.stderr }; L65: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

watch.mjsView on unpkg · L16

Findings

1 Medium5 Low
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptowatch.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings