tnp@21.0.211

Development version of taon.dev vscode plugin

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 619 file(s), 5.29 MB of source, external domains: angular.dev, console.cloud.google.com, feross.org, github.com, host.docker.internal, jimmy.warting.se, lodash.com, mths.be, openjsf.org, twitter.com, underscorejs.org, www.apache.org, www.linkedin.com, www.opensource.org
Oversized source lightweight scan
cli.js: 23.7 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, EnvironmentVars, HighEntropyStrings, UrlStrings
external domains: angular.dev, feross.org, github.com, jimmy.warting.se, lodash.com, mths.be, openjsf.org, underscorejs.org, www.apache.org, www.opensource.org

Source & flagged code

8 flagged
lib-esm/lib/start-cli.js
  L3: import axios from 'axios';
  L4: import { config, taonPackageName, child_process, tnpPackageName, } from 'tnp-core/lib';
  L5: import { chalk, Helpers, UtilsNetwork, UtilsTerminal } from 'tnp-core/lib';
High
Child Process

Package source references child process execution.

lib-esm/lib/start-cli.js · L3
  L15: //#region @backendFunc
  L16: const oraSpinner = require('ora');
  L17: //#region quick fixes
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib-esm/lib/start-cli.js · L15
lib-esm/lib/project/abstract/cloud-flare-projects/cloud-flare-projects.utils.js
  L84: cwd: cwdWorker,
  L85: shell: true,
  L86: });
High
Shell

Package source references shell execution.

lib-esm/lib/project/abstract/cloud-flare-projects/cloud-flare-projects.utils.js · L84
  L81: return new Promise((resolve, reject) => {
  L82: const proc = spawn('npx', ['wrangler', 'secret', 'put', name], {
  L83: stdio: ['pipe', 'inherit', 'inherit'],
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib-esm/lib/project/abstract/cloud-flare-projects/cloud-flare-projects.utils.js · L81
lib-esm/lib/project/abstract/artifacts/npm-lib-and-cli-tool/tools/build-isomorphic-lib/code-cut/cut-fn.js
  L7: try {
  L8: return eval(exp);
  L9: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib-esm/lib/project/abstract/artifacts/npm-lib-and-cli-tool/tools/build-isomorphic-lib/code-cut/cut-fn.js · L7
sql-wasm.wasm
path = sql-wasm.wasm kind = wasm_module sizeBytes = 613426 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

sql-wasm.wasm
cli.js
path = cli.js kind = oversized_source_file sizeBytes = 24833468 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

cli.js
path = cli.js kind = oversized_cli_entrypoint sizeBytes = 24833468 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

cli.js

Findings

4 High · 6 Medium · 5 Low
High · Child Process · lib-esm/lib/start-cli.js
High · Shell · lib-esm/lib/project/abstract/cloud-flare-projects/cloud-flare-projects.utils.js
High · Runtime Package Install · lib-esm/lib/project/abstract/cloud-flare-projects/cloud-flare-projects.utils.js
High · Oversized Source File · cli.js
Medium · Dynamic Require · lib-esm/lib/start-cli.js
Medium · Network
Medium · Environment Vars
Medium · Ships Wasm Module · sql-wasm.wasm
Medium · Oversized Cli Entrypoint · cli.js
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval · lib-esm/lib/project/abstract/artifacts/npm-lib-and-cli-tool/tools/build-isomorphic-lib/code-cut/cut-fn.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings