
houdini-react@2.1.0

The React plugin for houdini

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence (public snapshot)

Behavioral surface
Source: Child Process, Dynamic Require, Environment Vars, Filesystem, Network
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.

scanned 40 file(s), 185 KB of source, external domains: registry.npmjs.org

Source & flagged code

4 flagged

package.json
scripts.postinstall = node postInstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

Location: package.json

postInstall.js
L4: const https = require('https')
L5: const child_process = require('child_process')
L6:
High
Child Process

Package source references child process execution.

Location: postInstall.js · L4

postInstall.js
L83: function installUsingNPM() {
L84:   // Erase "npm[redacted]" so that "npm install --global" works.
L85:   // Otherwise this nested "npm install" will also be global, and the install ...
L96:   // Run npm install in the temporary directory
L97:   child_process.execSync(
L98:     `npm install --loglevel=error --prefer-offline --no-audit --progress=false ${platformSpecificPackageName}@${BINARY_DISTRIBUTION_VERSION}`,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

Location: postInstall.js · L83

postInstall.js
L1: const fs = require('fs')
L2: const path = require('path')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

Location: postInstall.js · L1

Findings

3 High · 4 Medium · 4 Low

High: Install Time Lifecycle Scripts (package.json)
High: Child Process (postInstall.js)
High: Runtime Package Install (postInstall.js)
Medium: Dynamic Require (postInstall.js)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk (Force Deep Review)
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings