
create-storm-workspace@1.97.244

⚡A CLI tool used to generate and fully configure a Storm Workspace repository.

Static Scan Results

scanned 22h ago · by rust-scanner

Static analysis flagged 12 findings at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior; the findings below are static signals, not a confirmed verdict.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess · Crypto · DynamicRequire · EnvironmentVars · Filesystem · Network · Shell
Supply chain
HighEntropyStrings · Minified · Obfuscated · UrlStrings
Manifest
No manifest risk signals triggered.
scanned 2 file(s), 1.69 MB of source, external domains: api.github.com, discord.gg, docs.stormsoftware.com, dotenvx.com, github.com, gitlab.com, join.slack.com, nx.dev, public.storm-cdn.com, stormsoftware.com

Source & flagged code

4 flagged
bin/index.ts
12import { prompt } from "enquirer"; L13: import { execFileSync } from "node:child_process"; L14:
High
Child Process

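Package source references child process execution. The flagged line is the `execFileSync` import from `node:child_process`; the import alone does not show which program is run or with what arguments, so review the call sites before treating this as malicious.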

bin/index.ts · L12
index.js
110Automatic extension resolution of the "main" field is deprecated for ES modules.`,"DeprecationWarning","DEP0151"):yc.default.emitWarning(`No "main" or "exports" field defined in th... L111: Default "index" lookups for the main are deprecated for ES modules.`,"DeprecationWarning","DEP0151")}function ST(e){try{return(0,Ca.statSync)(e)}catch{}}function Yb(e){let t=(0,Ca.... L112: `);let i;for(;(i=see.exec(r))!=null;){let n=i[1],s=i[2]||"";s=s.trim();let o=s[0];s=s.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),o==='"'&&(s=s.replace(/\\n/g,` L113: `),s=s.replace(/\\r/g,"\r")),t[n]=s}return t}function aee(e){e=e||{};let t=$T(e);e.path=t;let r=pi.configDotenv(e);if(!r.parsed){let o=new Error(`MISSING_DATA: Cannot parse ${t} fo... L114: `,n=Buffer.byteLength(i),s=Math.floor(Math.log(n)/Math.log(10))+1;return n+s>=Math.pow(10,s)&&(s+=1),s+n+i}};bd.parse=(e,t,r)=>new bd(Yee(Wee(e),t),r);var Yee=(e,t)=>t?Object.keys(... L115: `).reduce(Jee,Object.create(null)),Jee=(e,t)=>{let r=parseInt(t,10);if(r!==Buffer.byteLength(t)+1)return e;t=t.slice((r+" ").length);let i=t.split("="),n=i.shift().replace(/^SCHILY... L116: --`+t;let r=new Uint8Array(t.length);for(let i=0;i<t.length;i++)r[i]=t.charCodeAt(
High
Same File Env Network Execution

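A single source file combines environment access, network access, and code or shell execution; review context before blocking. index.js is minified and appears to be a bundle, so these capabilities may come from unrelated bundled modules, and their co-occurrence in one file does not by itself show a data flow between them.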

index.js · L110
110Automatic extension resolution of the "main" field is deprecated for ES modules.`,"DeprecationWarning","DEP0151"):yc.default.emitWarning(`No "main" or "exports" field defined in th... L111: Default "index" lookups for the main are deprecated for ES modules.`,"DeprecationWarning","DEP0151")}function ST(e){try{return(0,Ca.statSync)(e)}catch{}}function Yb(e){let t=(0,Ca.... L112: `);let i;for(;(i=see.exec(r))!=null;){let n=i[1],s=i[2]||"";s=s.trim();let o=s[0];s=s.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),o==='"'&&(s=s.replace(/\\n/g,` L113: `),s=s.replace(/\\r/g,"\r")),t[n]=s}return t}function aee(e){e=e||{};let t=$T(e);e.path=t;let r=pi.configDotenv(e);if(!r.parsed){let o=new Error(`MISSING_DATA: Cannot parse ${t} fo... L114: `,n=Buffer.byteLength(i),s=Math.floor(Math.log(n)/Math.log(10))+1;return n+s>=Math.pow(10,s)&&(s+=1),s+n+i}};bd.parse=(e,t,r)=>new bd(Yee(Wee(e),t),r);var Yee=(e,t)=>t?Object.keys(... L115: `).reduce(Jee,Object.create(null)),Jee=(e,t)=>{let r=parseInt(t,10);if(r!==Buffer.byteLength(t)+1)return e;t=t.slice((r+" ").length);let i=t.split("="),n=i.shift().replace(/^SCHILY... L116: --`+t;let r=new Uint8Array(t.length);for(let i=0;i<t.length;i++)r[i]=t.charCodeAt(
High
Command Output Exfiltration

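Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. The excerpt shown for this finding contains module-resolution warnings, `.env` parsing (`configDotenv`) and what appears to be archive-header parsing, not a command-to-network path, so confirm the flow in the full file.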

index.js · L110
1#!/usr/bin/env node L2: var yW=Object.create;var $g=Object.defineProperty;var bW=Object.getOwnPropertyDescriptor;var IW=Object.getOwnPropertyNames;var wW=Object.getPrototypeOf,BW=Object.prototype.hasOwnPr... L3: `;break;case 114:$e+="\r";break;case 116:$e+=" ";break;case 117:let Ut=Ze(4);Ut>=0?$e+=String.fromCharCode(Ut):dt=4;break;default:dt=5}yr=N}}return $e}function Dt(){if(re="",dt=0,K...
Medium
Dynamic Require

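Package source references dynamic require/import behavior. The excerpt begins with aliased `Object.create` / `Object.defineProperty` / `Object.getOwnPropertyNames` helpers, which looks like bundler module-interop boilerplate; check whether any require/import target is derived from external input.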

index.js · L1

Findings

4 High · 4 Medium · 4 Low
High — Child Process — bin/index.ts
High — Shell
High — Same File Env Network Execution — index.js
High — Command Output Exfiltration — index.js
Medium — Dynamic Require — index.js
Medium — Network
Medium — Environment Vars
Medium — Structural Risk Force Deep Review
Low — Filesystem
Low — Obfuscated
Low — High Entropy Strings
Low — Url Strings