registry  /  candor-ts  /  0.8.6

candor-ts@0.8.6

candor for TypeScript — per-function side effects, transitively, with a policy gate (candor-spec 0.8)

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 251 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
watch.mjsView file
16*/ L17: import { spawnSync } from "node:child_process"; L18: import crypto from "node:crypto"; ... L63: const r = spawnSync("node", [path.join(HERE, "scan.mjs"), target, "--out", out], { encoding: "utf8" }); L64: return { ok: r.status === 0, ms: Date.now() - t0, stderr: r.stderr }; L65: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

watch.mjsView on unpkg · L16
scan.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = candor-ts@0.8.5 matchedIdentity = npm:Y2FuZG9yLXRz:0.8.5 similarity = 0.444 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scan.mjsView on unpkg

Findings

1 High1 Medium5 Low
HighPrevious Version Dangerous Deltascan.mjs
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptowatch.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings