registry  /  rippletide-package  /  0.3.1

rippletide-package@0.3.1

Rippletide's CLI for AI coding agents — one command, each feature a subcommand.

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 14 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 47 file(s), 372 KB of source, external domains: 127.0.0.1, api.openai.com, example.com

Source & flagged code

5 flagged · loading source
reviewer/codex/rippletide-reviewer/scripts/rippletide-codex.mjsView file
23L24: await import(pathToFileURL(path.join(reviewerRoot, "src/integrations/codex/prepare.js")).href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

reviewer/codex/rippletide-reviewer/scripts/rippletide-codex.mjsView on unpkg · L23
surface/src/util.jsView file
125L126: /** JSON.parse with tolerance for // comments and trailing commas (settings files). */ L127: export function tolerantJsonParse(text) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

surface/src/util.jsView on unpkg · L125
tide/sdk-python/tests/test_runtime.pyView file
path = tide/sdk-python/tests/test_runtime.py kind = payload_in_excluded_dir sizeBytes = 24078 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

tide/sdk-python/tests/test_runtime.pyView on unpkg
path = tide/sdk-python/tests/test_runtime.py kind = build_helper sizeBytes = 24078 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

tide/sdk-python/tests/test_runtime.pyView on unpkg
surface/src/classify/signatures.jsView file
matchType = previous_version_dangerous_delta matchedPackage = rippletide-package@0.2.4 matchedIdentity = npm:cmlwcGxldGlkZS1wYWNrYWdl:0.2.4 similarity = 0.864 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

surface/src/classify/signatures.jsView on unpkg

Findings

2 High5 Medium7 Low
HighPayload In Excluded Dirtide/sdk-python/tests/test_runtime.py
HighPrevious Version Dangerous Deltasurface/src/classify/signatures.js
MediumDynamic Requirereviewer/codex/rippletide-reviewer/scripts/rippletide-codex.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpertide/sdk-python/tests/test_runtime.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptosurface/src/util.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License