create-efs@1.6.2

A CLI tool to create SvelteKit apps.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: Child Process, Environment Vars, Filesystem, Network, Shell
Supply chain: Url Strings
Manifest: No manifest risk signals triggered.
scanned 22 file(s), 19.6 KB of source, external domains: 127.0.0.1, api.github.com, npmjs.com

Source & flagged code

3 flagged
dist/index.js
L257: commands.push("pnpm up");
L258: await exec(commands.join(" && "));
L259: spinner.stop("Installed dependencies.");
High
Child Process

Package source references child process execution.

dist/index.js · L257

L254: if (pnpmDevDeps.length) {
L255: commands.push(`pnpm add --prefer-offline -D ${pnpmDevDeps.join(" ")}`);
L256: }
L257: commands.push("pnpm up");
L258: await exec(commands.join(" && "));
L259: spinner.stop("Installed dependencies.");
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.js · L254

templates/SvelteKit Simple Scaffold/static/fonts/Geist[wght].woff2
path = templates/SvelteKit Simple Scaffold/static/fonts/Geist[wght].woff2
kind = high_entropy_blob
sizeBytes = 69652
magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

templates/SvelteKit Simple Scaffold/static/fonts/Geist[wght].woff2

Findings

4 High · 3 Medium · 3 Low
High · Child Process · dist/index.js
High · Shell
High · Runtime Package Install · dist/index.js
High · Ships High Entropy Blob · templates/SvelteKit Simple Scaffold/static/fonts/Geist[wght].woff2
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · Url Strings