registry  /  mbler  /  0.2.8-rc.12

mbler@0.2.8-rc.12

Static Scan Results

scanned 10d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 250 KB of source, external domains: d.pmnx.qzz.io, github.com, registry.npmjs.com

Source & flagged code

2 flagged · loading source
package.jsonView file
name = mbler; similarTo = multer
Medium
Typosquat Name

Package name is suspiciously similar to a popular package name.

package.jsonView on unpkg
bin/mbler.jsView file
1#!/usr/bin/env node L2: const mbler = require('./../dist') L3:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/mbler.jsView on unpkg · L1

Findings

4 Medium4 Low
MediumTyposquat Namepackage.json
MediumDynamic Requirebin/mbler.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings