registry  /  chaincss  /  2.9.5

chaincss@2.9.5

ChainCSS - The first CSS-in-JS library with true auto-detection mixed mode. Zero runtime by default, dynamic when you need it.

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 11 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 122 file(s), 2.98 MB of source, external domains: chaincss.dev, github.com, www.w3.org

Source & flagged code

4 flagged · loading source
dist/plugins/webpack.jsView file
463function __import__(name) { L464: return new Function("name", "return import(name)")(name); L465: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/plugins/webpack.jsView on unpkg · L463
463function __import__(name) { L464: return new Function("name", "return import(name)")(name); L465: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/plugins/webpack.jsView on unpkg · L463
132threshold: 2, L133: naming: process.env.NODE_ENV === "production" ? "hash" : "readable", L134: cache: true, ... L463: function __import__(name) { L464: return new Function("name", "return import(name)")(name); L465: } ... L2513: if (!macro2) return null; L2514: const merged = JSON.parse(JSON.stringify(macro2)); L2515: if (!overrides) return merged; ... L4917: type: "responsive-issues", L4918: data: { issues, count: issues.length }, L4919: confidence: issues.some((i) => i.severity === "error") ? 1 : 0.7
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/plugins/webpack.jsView on unpkg · L132
dist/compiler/index.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = chaincss@2.9.2 matchedIdentity = npm:Y2hhaW5jc3M:2.9.2 similarity = 0.950 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/compiler/index.cjsView on unpkg

Findings

1 High3 Medium7 Low
HighPrevious Version Dangerous Deltadist/compiler/index.cjs
MediumDynamic Requiredist/plugins/webpack.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/plugins/webpack.js
LowWeak Cryptodist/plugins/webpack.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings