registry  /  ultracite  /  7.8.4

ultracite@7.8.4

The AI-ready formatter that helps you write and generate code faster.

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 6 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEval
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 64 file(s), 226 KB of source, external domains: github.com, registry.npmjs.org, www.ultracite.ai, www.youtube.com

Source & flagged code

2 flagged · loading source
dist/index.jsView file
244`)},kn=async(e,o)=>{let t=await ie(e,"utf-8"),i=Un(t);if(!i)return;if(se(i))return;let n=ne(i,H(o));await c(e,`${JSON.stringify(n,null,2)} L245: `)},En=(e)=>e.replaceAll(/^(?<key>[*?{[][^\n:]*):(?<rest>.*)$/gmu,(o,t,i)=>`'${t}':${i}`),In=async(e,o)=>{let t=await ie(e,"utf-8"),i=En(t),n;try{n=gt.parse(i)}catch{return}if(!n)r... L246: `;await c(e,d)},Nn=async(e,o)=>{let i=await import(`${vt(e).href}?t=${Date.now()}`),n=i.default||i;if(se(n))return;let a=ne(n,H(o)),d=`module.exports = ${JSON.stringify(a,null,2)};
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L244
78- Avoid \`dangerouslySetInnerHTML\` unless absolutely necessary L79: - Don't use \`eval()\` or assign directly to \`document.cookie\` L80: - Validate and sanitize user input
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L78

Findings

2 Medium4 Low
MediumDynamic Requiredist/index.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/index.js
LowHigh Entropy Strings
LowUrl Strings