super-api-tester@1.6.8

A high-performance, schema-driven API automation framework.

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 8 file(s), 2.39 MB of source, external domains: api.example.com, api.restful-api.dev, generativelanguage.googleapis.com, github.com, vitest.dev

Source & flagged code

3 flagged
bin/cli.js
L2: import path from 'path';
L3: import { exec, execSync } from 'child_process';
L4: import { generateAndRunAiTest } from './aiGenerator.js';
High
Child Process

Package source references child process execution.

bin/cli.js · L2
L85: function executeTestDirectory() {
L86:   const runCommand = `npx vitest run test/ --reporter=verbose`;
L87:
L88:   const child = exec(runCommand, async (error, stdout, stderr) => {
L89:     const fullLog = stdout + '\n' + stderr;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/cli.js · L85
dist/client.js
L13915: snapshotContents = content;
L13916: const populate = new Function("exports", snapshotContents);
L13917: populate(data);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/client.js · L13915

Findings

3 High · 3 Medium · 6 Low
High · Child Process · bin/cli.js
High · Shell
High · Runtime Package Install · bin/cli.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval · dist/client.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings