registry  /  token-goat  /  2.6.10

token-goat@2.6.10

Surgical token-reduction companion for Claude Code and other AI coding agents

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 8 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 256 KB of source, external domains: sheetjs.com
Oversized source lightweight scan
dist/token-goat.mjs10.2 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsHighEntropyStringsUrlStringssheetjs.com

Source & flagged code

2 flagged · loading source
dist/token-goat.mjsView file
path = dist/token-goat.mjs kind = oversized_source_file sizeBytes = 10680983 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/token-goat.mjsView on unpkg
path = dist/token-goat.mjs kind = oversized_cli_entrypoint sizeBytes = 10680983 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/token-goat.mjsView on unpkg

Findings

1 High3 Medium4 Low
HighOversized Source Filedist/token-goat.mjs
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/token-goat.mjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings