registry  /  create-lism  /  0.8.0

create-lism@0.8.0

Scaffold a new Lism CSS project.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 1000 KB of source, external domains: api.github.com, bitbucket.com, bitbucket.org, git.sr.ht, github.com, gitlab.com, raw.githubusercontent.com, registry.npmjs.org, templates.lism-css.com

Source & flagged code

1 flagged · loading source
dist/index.jsView file
21var env = p.env || {}; L22: var isColorSupported = !(!!env.NO_COLOR || argv.includes("--no-color")) && (!!env.FORCE_COLOR || argv.includes("--color") || p.platform === "win32" || (p.stdout || {}).isTTY && env... L23: var formatter = (open, close, replace = open) => (input) => { ... L198: } L199: if (process.env.CLI_WIDTH) { L200: const width = parseInt(process.env.CLI_WIDTH, 10); ... L1159: graph[models[i]] = { L1160: // http://jsperf.com/1-vs-infinity L1161: // micro-opt, but this is simple. ... L1555: module.exports = (string, columns, options) => { L1556: return String(string).normalize().replace(/\r\n/g, "\n").split("\n").map((line) => exec(line, columns, options)).join("\n"); L1557: };
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L21

Findings

1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings