registry  /  opencode-resolve  /  0.3.1

opencode-resolve@0.3.1

OpenCode plugin that adds a lightweight resolver/coder harness for continuous agentic coding.

Static Scan Results

scanned 8h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 268 KB of source, external domains: opencode.ai

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/tools/index.jsView file
1116const vulnPatterns = [ L1117: { name: "eval() usage", regex: "\\beval\\s*\\(" }, L1118: { name: "innerHTML usage", regex: "\\.innerHTML\\s*=" },
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/tools/index.jsView on unpkg · L1116

Findings

1 High3 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/tools/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings