registry  /  mikuplan  /  1.0.2

mikuplan@1.0.2

PRD Planning tool — run mikuplan from any project folder

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 6 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 9.22 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts registry_only=start
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.jsonView on unpkg
scripts.postinstall = node installSkills.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
server.jsView file
matchType = previous_version_dangerous_delta matchedPackage = mikuplan@1.0.0 matchedIdentity = npm:bWlrdXBsYW4:1.0.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

server.jsView on unpkg

Findings

1 Critical2 High1 Medium2 Low
CriticalManifest Confusionpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighPrevious Version Dangerous Deltaserver.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem