registry  /  firecrawl-cli  /  1.19.26

firecrawl-cli@1.19.26

⚠ Under review

Command-line interface for Firecrawl. Scrape, crawl, and extract data from any website directly from your terminal.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 54 file(s), 466 KB of source, external domains: api.firecrawl.dev, api.github.com, api.openai.com, example.com, firecrawl.dev, github.com, mcp.firecrawl.dev, news.ycombinator.com, registry.npmjs.org, stripe.com, www.firecrawl.dev

Source & flagged code

6 flagged · loading source
dist/utils/auth.jsView file
72async function openBrowser(url) { L73: const { exec } = await Promise.resolve().then(() => __importStar(require('child_process'))); L74: const platform = process.platform;
High
Child Process

Package source references child process execution.

dist/utils/auth.jsView on unpkg · L72
49const config_1 = require("./config"); L50: const DEFAULT_API_URL = 'https://api.firecrawl.dev'; L51: const WEB_URL = 'https://firecrawl.dev'; ... L59: input: process.stdin, L60: output: process.stdout, L61: }); ... L72: async function openBrowser(url) { L73: const { exec } = await Promise.resolve().then(() => __importStar(require('child_process'))); L74: const platform = process.platform; L75: let command; ... L103: /** L104: * Generate a PKCE code verifier (random string, base64url encoded)
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/utils/auth.jsView on unpkg · L49
dist/commands/skills-native.jsView file
12exports.hasNpx = hasNpx; L13: const child_process_1 = require("child_process"); L14: const fs_1 = __importDefault(require("fs")); ... L244: function detectInstalledAgents() { L245: const home = os_1.default.homedir(); L246: return AGENTS.filter((agent) => { ... L283: function cloneRepo(tmpDir, repo) { L284: const repoUrl = `https://github.com/${repo}.git`; L285: if (hasGit()) { ... L404: if (fs_1.default.existsSync(lockFilePath)) { L405: lock = JSON.parse(fs_1.default.readFileSync(lockFilePath, 'utf-8')); L406: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/commands/skills-native.jsView on unpkg · L12
dist/commands/init.jsView file
matchType = previous_version_dangerous_delta matchedPackage = firecrawl-cli@1.19.24 matchedIdentity = npm:ZmlyZWNyYXdsLWNsaQ:1.19.24 similarity = 0.963 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/init.jsView on unpkg
164} L165: // Fallback: npx skills add (copies files, may spray to all agents) L166: if ((0, sk[redacted])()) { ... L178: try { L179: const stdout = (0, child_process_1.execSync)(args.join(' '), { L180: stdio: ['ignore', 'pipe', 'pipe'],
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/init.jsView on unpkg · L164
45exports.handleInitCommand = handleInitCommand; L46: const child_process_1 = require("child_process"); L47: const auth_1 = require("../utils/auth"); ... L121: * inheriting it, so users see a single line per repo. Returns the number of L122: * skills installed (parsed from the captured stdout), or null if unknown. L123: * ... L175: if (isTty) { L176: process.stdout.write(` ${dim}↓ Installing ${label}...${reset}`); L177: } ... L241: * The skill count is reported once (the same skills are symlinked to each L242: * agent), so a multi-agent install does not inflate the total. L243: */
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/commands/init.jsView on unpkg · L45

Findings

1 Critical3 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/commands/init.js
HighChild Processdist/utils/auth.js
HighSandbox Evasion Gated Capabilitydist/utils/auth.js
HighRuntime Package Installdist/commands/init.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/commands/init.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/commands/skills-native.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings