registry  /  vitest-pool-assemblyscript  /  0.15.0

vitest-pool-assemblyscript@0.15.0

AssemblyScript testing with Vitest - Simple, fast, familiar, AS-native, with full coverage output

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 34 file(s), 350 KB of source, external domains: github.com

Source & flagged code

6 flagged · loading source
package.jsonView file
scripts.install = node scripts/install-native-addon.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts/setup-binaryen.jsView file
4import https from 'https'; L5: import { execSync } from 'child_process'; L6:
High
Child Process

Package source references child process execution.

scripts/setup-binaryen.jsView on unpkg · L4
dist/load-user-imports-0kVlLG94.mjsView file
811const start = performance.now(); L812: const createWasmImports = (await import(safeUrl)).default; L813: debug(`[${logModule}] Imported user WasmImportsFactory "${safeUrl}" | TIMING ${(performance.now() - start).toFixed(2)} ms`);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/load-user-imports-0kVlLG94.mjsView on unpkg · L811
scripts/install-native-addon.jsView file
124console.log('Compiling native addon...'); L125: execSync('npx node-gyp rebuild', { L126: cwd: packageRoot,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/install-native-addon.jsView on unpkg · L124
prebuilds/win32-arm64/vitest-pool-assemblyscript.glibc.nodeView file
path = prebuilds/win32-arm64/vitest-pool-assemblyscript.glibc.node kind = native_binary sizeBytes = 10151424 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

prebuilds/win32-arm64/vitest-pool-assemblyscript.glibc.nodeView on unpkg
binding.gypView file
path = binding.gyp kind = build_helper sizeBytes = 2336 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

binding.gypView on unpkg

Findings

4 High6 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processscripts/setup-binaryen.js
HighShell
HighRuntime Package Installscripts/install-native-addon.js
MediumDynamic Requiredist/load-user-imports-0kVlLG94.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binaryprebuilds/win32-arm64/vitest-pool-assemblyscript.glibc.node
MediumShips Build Helperbinding.gyp
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings