registry  /  datastake-daf  /  0.7.217

datastake-daf@0.7.217

```bash git clone https://link-to-project ```

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedTelemetryUrlStrings
Manifest
NoLicense
scanned 1,779 file(s), 12.2 MB of source, external domains: 192.168.4.211, 192.168.4.43, 192.168.4.64, api.datastake.io, api.example.com, corsproxy.io, d6emlwyqv3muw.cloudfront.net, example.com, flagcdn.com, flagsapi.com, images.unsplash.com, invalid-url-to-show-fallback.jpg, ipapi.co, lavoixdelituri.com, picsum.photos, static0.srcdn.com, whc.unesco.org, www.cahraslist.net, www.eeas.europa.eu, www.example.com, www.google.com, www.iturikwetu.net, www.iucn.org, www.nrc.no, www.w3.org, wwww.example.com, zeroextinction.org
Oversized source lightweight scan
dist/components/index.js4.67 MB file, sampled 256 KB
NetworkHighEntropyStrings
dist/pages/index.js5.53 MB file, sampled 256 KB
NetworkHighEntropyStrings

Source & flagged code

6 flagged · loading source
src/@daf/core/components/Screens/InformationChannels/InformationChanel.stories.tsxView file
475patternName = generic_password severity = medium line = 475 matchedText = password...NC",
Medium
Secret Pattern

Package contains a possible secret pattern.

src/@daf/core/components/Screens/InformationChannels/InformationChanel.stories.tsxView on unpkg · L475
src/@daf/core/components/EditForm/RenderForm.jsView file
260try { L261: const fn = eval(form.editComponent); L262: return fn(
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/@daf/core/components/EditForm/RenderForm.jsView on unpkg · L260
deploy.shView file
path = deploy.sh kind = build_helper sizeBytes = 922 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

deploy.shView on unpkg
dist/style/datastake/fonts/sf-ui-display-bold-58646a511e3d9.woffView file
path = dist/style/datastake/fonts/sf-ui-display-bold-58646a511e3d9.woff kind = high_entropy_blob sizeBytes = 117044 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/style/datastake/fonts/sf-ui-display-bold-58646a511e3d9.woffView on unpkg
dist/components/index.jsView file
path = dist/components/index.js kind = oversized_source_file sizeBytes = 4895249 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/components/index.jsView on unpkg
dist/hooks/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = datastake-daf@0.7.210 matchedIdentity = npm:ZGF0YXN0YWtlLWRhZg:0.7.210 similarity = 0.625 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/hooks/index.jsView on unpkg

Findings

3 High5 Medium8 Low
HighShips High Entropy Blobdist/style/datastake/fonts/sf-ui-display-bold-58646a511e3d9.woff
HighOversized Source Filedist/components/index.js
HighPrevious Version Dangerous Deltadist/hooks/index.js
MediumSecret Patternsrc/@daf/core/components/Screens/InformationChannels/InformationChanel.stories.tsx
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdeploy.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/@daf/core/components/EditForm/RenderForm.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License