playwright-praman@1.3.5

Playwright plugin for SAP S/4HANA, Fiori & UI5 test automation — AI test generation, 199 typed control proxies, OData V2/V4, Fiori Elements, 6 auth strategies

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, Minified, Obfuscated, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 90 file(s), 2.05 MB of source, external domains: fontoxml.com, my-sap.example.com, placeholder.local, praman.dev, www.w3.org

Source & flagged code

4 flagged
dist/verify-spec-command-KV25AFH7.cjs
L4: var chunkLFQNSXFW_cjs = require('./chunk-LFQNSXFW.cjs');
L5: var child_process = require('child_process');
L6: var fs = require('fs');
High
Child Process

Package source references child process execution.

dist/verify-spec-command-KV25AFH7.cjs · L4
L56: try {
L57:   child_process.execSync(`npx eslint --no-warn-ignored ${filePath}`, {
L58:     stdio: "pipe",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/verify-spec-command-KV25AFH7.cjs · L56
dist/index.js
L5928: if (ctrl3 === null) throw new Error("Control not found: " + controlId2);
L5929: const userFn = new Function("return (" + fnBody + ")")();
L5930: return userFn(ctrl3, ...browserArgs);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.js · L5928
dist/chunk-ZYXTYLOP.cjs
L2:
L3: var chunkLFQNSXFW_cjs = require('./chunk-LFQNSXFW.cjs');
L4:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunk-ZYXTYLOP.cjs · L2

Findings

3 High · 4 Medium · 7 Low
High · Child Process · dist/verify-spec-command-KV25AFH7.cjs
High · Shell
High · Runtime Package Install · dist/verify-spec-command-KV25AFH7.cjs
Medium · Dynamic Require · dist/chunk-ZYXTYLOP.cjs
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · dist/index.js
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings