registry  /  memorix  /  1.1.9

memorix@1.1.9

Local-first shared memory layer for AI coding agents across MCP clients, Git history, reasoning context, and project sessions.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 262 file(s), 4.88 MB of source, external domains: 127.0.0.1, anthropic.com, api.anthropic.com, api.deepseek.com, api.openai.com, feross.org, github.com, jimmy.warting.se, learn.microsoft.com, opencode.ai, openrouter.ai, raw.githubusercontent.com, registry.npmjs.org, www.ietf.org, your-provider.example
Oversized source lightweight scan
dist/cli/index.js4.07 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsShellDynamicRequireUrlStrings127.0.0.1github.com
dist/memcode/index.js11.8 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsCryptoShellHighEntropyStringsUrlStringsfeross.orggithub.comjimmy.warting.sewww.ietf.org

Source & flagged code

6 flagged · loading source
dist/cli/memcode.jsView file
7import {createRequire as __memorix_cjsRequire} from "module"; L8: const require = __memorix_cjsRequire(import.meta.url); L9:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/cli/memcode.jsView on unpkg · L7
dist/index.jsView file
25import { fileURLToPath } from "url"; L26: var getFilename, getDirname, __dirname; L27: var init_esm_shims = __esm({ ... L464: (graph, line) => { L465: const item = JSON.parse(line); L466: if (item.type === "entity") { ... L583: getProjectDataDir: () => getProjectDataDir, L584: hasExistingData: () => hasExistingData, L585: listProjectDirs: () => listProjectDirs, ... L603: function resolveDefaultDataDir() { L604: return process.env.MEMORIX_DATA_DIR || path5.join(os.homedir(), ".memorix", "data"); L605: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L25
plugins/hermes/memorix/__init__.pyView file
path = plugins/hermes/memorix/__init__.py kind = build_helper sizeBytes = 3519 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

plugins/hermes/memorix/__init__.pyView on unpkg
dist/memcode/index.jsView file
path = dist/memcode/index.js kind = oversized_source_file sizeBytes = 12405102 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/memcode/index.jsView on unpkg
dist/cli/index.jsView file
path = dist/cli/index.js kind = oversized_cli_entrypoint sizeBytes = 4267944 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/cli/index.jsView on unpkg
src/cli/commands/doctor.tsView file
matchType = previous_version_dangerous_delta matchedPackage = memorix@1.1.5 matchedIdentity = npm:bWVtb3JpeA:1.1.5 similarity = 0.883 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/cli/commands/doctor.tsView on unpkg

Findings

3 High6 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
HighOversized Source Filedist/memcode/index.js
HighPrevious Version Dangerous Deltasrc/cli/commands/doctor.ts
MediumDynamic Requiredist/cli/memcode.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperplugins/hermes/memorix/__init__.py
MediumOversized Cli Entrypointdist/cli/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings