node-conected@1.0.0

A Node.js Bluetooth bridge based on the html2apk syntax

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Shell
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 8.04 KB of source

Source & flagged code

3 flagged
bin/setup.js
L3: const readline = require('readline');
L4: const { execSync } = require('child_process');
High
Child Process

Package source references child process execution.

bin/setup.js · L3
L50: console.log(`\n${t.installNpm}`);
L51: execSync('npm install bluetooth-serial-port --no-save', { stdio: 'inherit' });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/setup.js · L50
package.json
dependencies registry_only=bluetooth-serial-port
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.json

Findings

1 Critical · 3 High · 1 Medium · 2 Low
Critical: Manifest Confusion (package.json)
High: Child Process (bin/setup.js)
High: Shell
High: Runtime Package Install (bin/setup.js)
Medium: Structural Risk Force Deep Review
Low: Scripts Present
Low: High Entropy Strings