registry  /  mbler  /  0.2.9

mbler@0.2.9

mcx DSL cli

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 129 KB of source, external domains: d.pmnx.qzz.io, github.com, registry.npmjs.com

Source & flagged code

3 flagged · loading source
package.jsonView file
name = mbler; similarTo = multer
Medium
Typosquat Name

Package name is suspiciously similar to a popular package name.

package.jsonView on unpkg
bin/mbler.jsView file
1#!/usr/bin/env node L2: const mbler = require('./../dist') L3:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/mbler.jsView on unpkg · L1
dist/index.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = mbler@0.2.8-rc.13 matchedIdentity = npm:bWJsZXI:0.2.8-rc.13 similarity = 0.400 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.mjsView on unpkg

Findings

1 High4 Medium4 Low
HighPrevious Version Dangerous Deltadist/index.mjs
MediumTyposquat Namepackage.json
MediumDynamic Requirebin/mbler.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings