registry  /  psycgod-sage-js  /  1.0.3

psycgod-sage-js@1.0.3

Smart Agent Guidance Engine - CLI wrapper with 97% compression for AI coding agents

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 27 file(s), 86.7 KB of source, external domains: sage.api.marketingstudios.in

Source & flagged code

2 flagged · loading source
dist/agents/security.jsView file
46const antiPatterns = [ L47: { pattern: /eval\s*\(/g, type: 'eval() usage', risk: 'Code injection vulnerability' }, L48: { pattern: /innerHTML\s*=/g, type: 'innerHTML assignment', risk: 'XSS vulnerability' },
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/agents/security.jsView on unpkg · L46
dist/db/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = psycgod-sage-js@1.0.0 matchedIdentity = npm:cHN5Y2dvZC1zYWdlLWpz:1.0.0 similarity = 0.963 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/db/index.jsView on unpkg

Findings

1 High2 Medium6 Low
HighPrevious Version Dangerous Deltadist/db/index.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/agents/security.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings