registry  /  create-mastra  /  1.18.1

create-mastra@1.18.1

Create Mastra apps with one command

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 94.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 544 KB of source, external domains: api.open-meteo.com, app.posthog.com, gateway-api.mastra.ai, gateway-api.staging.mastra.ai, geocoding-api.open-meteo.com, github.com, mastra.ai, nodejs.org, platform.mastra.ai, projects.mastra.ai, qntm.org, raw.githubusercontent.com, studio.mastra.ai, studio.staging.mastra.ai, us.posthog.com

Source & flagged code

6 flagged · loading source
dist/index.jsView file
2import { Command } from 'commander'; L3: import child_process, { execFileSync, ChildProcess, execFile, spawnSync, spawn } from 'node:child_process'; L4: import { randomBytes, randomUUID } from 'node:crypto';
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L2
14import util, { debuglog, stripVTControlCharacters, inspect, promisify, callbackify, aborted, styleText } from 'node:util'; L15: import process$2, { platform, hrtime, execPath, execArgv, stdout, stdin } from 'node:process'; L16: import tty, { ReadStream } from 'node:tty';
High
Shell

Package source references shell execution.

dist/index.jsView on unpkg · L14
16893const installCommand = shellQuote.quote([pm, "install"]); L16894: await exec(installCommand, { L16895: cwd: projectPath ... L16902: } L16903: var TEMPLATES_API_URL = process.env.MASTRA_TEMPLATES_API_URL || "https://mastra.ai/api/templates.json"; L16904: async function loadTemplates() {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L16893
8919// If `subprocess.stdin` is destroyed before being fully written to, it is considered aborted and should throw an error. L8920: // This can happen for example when user called `subprocess.stdin.destroy()` before `subprocess.stdin.end()`. L8921: // However, Node.js calls `subprocess.stdin.destroy()` on exit for cleanup purposes. L8922: // https://github.[redacted]child_process.js#L278 L8923: // This is normal and should not throw an error. ... L8928: // The only way to detect this is to spy on `subprocess.stdin._destroy()` by wrapping it. L8929: // If `subprocess.exitCode` or `subprocess.signalCode` is set, it means `.destroy()` is being called by Node.js itself. L8930: const handleStdinDestroy = (stream, {originalStreams: [originalStdin], subprocess}) => {
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L8919
2import { Command } from 'commander'; L3: import child_process, { execFileSync, ChildProcess, execFile, spawnSync, spawn } from 'node:child_process'; L4: import { randomBytes, randomUUID } from 'node:crypto'; ... L7: import fs4__default__default, { readFile, mkdir, writeFile, chmod, unlink } from 'node:fs/promises'; L8: import { createServer } from 'node:http'; L9: import os, { homedir, release, constants } from 'node:os'; ... L14: import util, { debuglog, stripVTControlCharacters, inspect, promisify, callbackify, aborted, styleText } from 'node:util'; L15: import process$2, { platform, hrtime, execPath, execArgv, stdout, stdin } from 'node:process'; L16: import tty, { ReadStream } from 'node:tty'; ... L90: // with no body, we should not to set Content-Type L91: serializedBody === void 0 || // if serialized body is FormData; browser will correctly set Content-Type & boundary expression L92: serializedBody instanceof FormData ? {} : {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L2
matchType = malicious_source_fingerprint_signature signature = 86cb0eb577cfbda3 signatureType = suspicious_hashes sourceLabel = Datadog matchedPackage = create-mastra@1.13.1 matchedPath = dist/index.js matchedIdentity = npm:Y3JlYXRlLW1hc3RyYQ:1.13.1 similarity = 1.000 shingleOverlap = 4 summary = Datadog malicious npm corpus sample: samples/npm/compromised_lib/create-mastra/1.13.1/2026-06-17-create-mastra-v1.13.1.zip
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

dist/index.jsView on unpkg

Findings

6 High3 Medium5 Low
HighChild Processdist/index.js
HighShelldist/index.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
HighSandbox Evasion Gated Capabilitydist/index.js
HighKnown Malware Source Fingerprint Signaturedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings