registry  /  muon-ui  /  0.13.0

muon-ui@0.13.0

A multi-platform GUI application framework that uses CEF as its backend

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 463 KB of source

Source & flagged code

4 flagged · loading source
dist/vite-internals-6HS7FULY.cjsView file
32//#endregion L33: let node_child_process = require("node:child_process"); L34: let node_fs = require("node:fs");
High
Child Process

Package source references child process execution.

dist/vite-internals-6HS7FULY.cjsView on unpkg · L32
dist/vite.mjsView file
6* license: MIT L7: * repository.url: https://github.com/kekyo/muon-ui.git L8: * git.commit.hash: [redacted] ... L16: import __screwUpDefaultImportModule0 from "adm-zip"; L17: import { spawn } from "node:child_process"; L18: import * as __screwUpDefaultImportModule0$1 from "sharp"; ... L214: if (i < 0 || i >= l) return TO_STRING ? "" : void 0; L215: a = s.charCodeAt(i); L216: return a < 55296 || a > 56319 || i + 1 === l || (b = s.charCodeAt(i + 1)) < 56320 || b > 57343 ? TO_STRING ? s.charAt(i) : a : TO_STRING ? s.slice(i, i + 2) : (a - 55296 << 10) + (... ... L1744: const writeRaw = (chunk) => { L1745: process.stderr.write(chunk); L1746: };
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/vite.mjsView on unpkg · L6
dist/cli.cjsView file
7Cross-file remote execution chain: dist/cli.cjs spawns dist/vite-internals-6HS7FULY.cjs; helper contains network access plus dynamic code execution. L7: * license: MIT L8: * repository.url: https://github.com/kekyo/muon-ui.git L9: * git.commit.hash: [redacted] ... L12: let commander = require("commander"); L13: let node_child_process = require("node:child_process"); L14: let node_fs = require("node:fs"); ... L21: var import_dist = require_vite_internals.require_dist(); L22: var muonRecycleExitCode = 88; L23: var defaultProjectConfigFileNames = [ ... L90: }; L91: const previous = process.env[require_vite_internals.[redacted]]; L92: process.env[require_vite_internals.[redacted]] = "1";
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli.cjsView on unpkg · L7
dist/native/linux-armhf/muon-builderView file
path = dist/native/linux-armhf/muon-builder kind = native_binary sizeBytes = 1030284 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/native/linux-armhf/muon-builderView on unpkg

Findings

3 High3 Medium4 Low
HighChild Processdist/vite-internals-6HS7FULY.cjs
HighShell
HighCross File Remote Execution Contextdist/cli.cjs
MediumEnvironment Vars
MediumShips Native Binarydist/native/linux-armhf/muon-builder
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/vite.mjs
LowFilesystem
LowHigh Entropy Strings