registry  /  fluncle  /  0.89.0

fluncle@0.89.0

drum & bass bangers from another dimension — the Fluncle CLI

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 313 KB of source, external domains: api.deezer.com, api.github.com, api.mixcloud.com, chromewebstore.google.com, dig.fluncle.com, found.fluncle.com, galaxy.fluncle.com, github.com, itunes.apple.com, open.spotify.com, p53pc2uzfu2tnih4cd6wd42ok6zup2uttj6xdmjdccy5kqo33fyppkqd.onion, radio.fluncle.com, registry.npmjs.org, status.fluncle.com, t.me, www.fluncle.com, www.instagram.com, www.mixcloud.com, www.tiktok.com, www.youtube.com, youtu.be

Source & flagged code

1 flagged · loading source
bin/fluncle.mjsView file
76function supportsAnsi() { L77: return process.stdout.isTTY; L78: } ... L109: if (!result.parsed) { L110: const err = new Error(`MISSING_DATA: Cannot parse ${vaultPath} for an unknown reason`); L111: err.code = "MISSING_DATA"; ... L143: } L144: if (process.env.DOTENV_KEY && process.env.DOTENV_KEY.length > 0) { L145: return process.env.DOTENV_KEY; ... L194: } else { L195: possibleVaultPath = path2.resolve(process.cwd(), ".env.vault"); L196: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/fluncle.mjsView on unpkg · L76

Findings

1 High3 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/fluncle.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings