grab@0.1.48

Select context for coding agents directly from your website

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Network
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 18 file(s), 1.01 MB of source, external domains: fonts.googleapis.com, react-grab.com, reactjs.org, tailwindcss.com, www.react-grab.com, www.w3.org

Source & flagged code

1 flagged
bin/cli.js, line 11
package = grab; repositoryIdentity = react-grab; dependency = @react-grab/cli
L11:
L12: await import("@react-grab/cli");
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

bin/cli.js · L11

Findings

1 High, 3 Medium, 3 Low
High: Copied Package Dependency Bridge (bin/cli.js)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Scripts Present
Low: High Entropy Strings
Low: Url Strings