registry  /  incur  /  0.4.13

incur@0.4.13

<picture> <source media="(prefers-color-scheme: dark)" srcset=".github/logo-dark.svg"> <source media="(prefers-color-scheme: light)" srcset=".github/logo-light.svg"> <img alt="incur" src=".github/logo-light.svg" width="100%" height="140px"> </pictur

Static Scan Results

scanned 6h ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 6 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 93 file(s), 1.11 MB of source, external domains: api.example.com, custom.example.com, example.com, expressjs.com, json-schema.org, mcp.example.com, mcp.local, pkg.pr.new, prod.example.com, registry.npmjs.org, staging.example.com

Source & flagged code

1 flagged · loading source
dist/internal/utils.jsView file
21try { L22: const mod = await import(href); L23: const cli = mod.default;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/internal/utils.jsView on unpkg · L21

Findings

3 Medium3 Low
MediumDynamic Requiredist/internal/utils.js
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings